
Tuesday, December 14, 2010
McDonald's is working with law enforcement authorities after malicious hackers broke into another company's databases and stole information about an undetermined number of the fast food chain's customers.
McDonald's has also alerted potentially affected customers via e-mail and through a message on its Web site. "We have been informed by one of our long-time business partners, Arc Worldwide, that limited customer information collected in connection with certain McDonald’s websites and promotions was obtained by an unauthorized third party," a McDonald's spokeswoman said via e-mail on Saturday. McDonald's hired Arc to develop and coordinate the distribution of promotional e-mail messages, and Arc in turn relied on an unidentified e-mail company to manage the customer information database. This e-mail company's systems were hacked into.
(Source: Computer World)
Full story
Computer World

Friday, December 10, 2010
Google said Thursday that it expects to introduce more stringent copyright protection policies to prevent questionable web sites from participating in Google's services. The goal is to protect content creators from having their intellectual property exploited, the company said. At YouTube, Google already offers Content ID -- a set of audio and video matching tools that give content providers controls to manage their content if someone uploads it.
Participating rights holders provide reference files for comparing with the content on YouTube, and when matches are found the rights holder is given the opportunity to block, track or earn money from creations. "We're seeing media companies make the most of this revenue opportunity," noted YouTube Product Manager David King in a blog. "In the last quarter alone, claims to make money from videos increased 200 percent."
(Source: Newsfactor Network)
Full story
Newsfactor Network

Thursday, November 11, 2010
The British government says cyber crime is now one of the biggest risks to national security. A new cyber crime unit is to be set up which will both defend against attacks and be capable of mounting them against other nations. As more of the world comes online, the number and location of PCs available for hijacking is changing. Spencer Kelly investigates what the latest threats look like and how they can be avoided. For the full story on "How to avoid the fake security tool scam", click here
(Source: BBC)
Full story
BBC

Tuesday, November 09, 2010
Identity theft and misuse of data is of top concern to people around the world as well as in the United States. That's a challenge for our society, our political leadership and the IT industry. It's also a challenge to our customers. End users are sensitive to security technology and security safeguards used for Internet banking and online transactions. Our belief is that it's best to let people see that you have good security rather than making it invisible to people. It's the equivalent of showing people the vault in the back room in your great grandmother's generation.
What people want to see now is that their Internet banking and identity data is safe. We've seen this more than we did three or four years ago. Our customers want two-factor identification not to be invisible. If you log onto your bank through a kiosk device it acknowledges that you haven't used this device before and it puts you through an extra handshake.
(Source: Forbes)
Full story
Forbes
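The "extra handshake" for a device the bank has not seen before is, in engineering terms, risk-based step-up authentication keyed on a device token. The following is an added Python example, not code from Forbes or from the bank quoted in the interview: the server remembers a device by handing the browser an HMAC-signed token after a successful one-time-code check, and any login for that user without a valid token is pushed through the extra step. The token format, the 90-day lifetime, the user store, the salt and the way the one-time code is delivered are all assumptions of the example.

```python
"""Added example: risk-based step-up authentication keyed on a signed device token.
Not code from Forbes or the interviewee; token format, lifetimes and user store
are assumptions made for this illustration."""
import hashlib
import hmac
import secrets

SERVER_KEY = b"replace-with-key-from-kms"   # assumption: server-side secret, never sent to clients
DEVICE_TOKEN_TTL = 90 * 24 * 3600           # assumption: a trusted device is remembered for 90 days
OTP_TTL = 300                                # one-time code valid for five minutes
_SALT = b"per-user-salt-in-real-systems"    # assumption: a real system salts per user


def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# Constructed user store for the example.
_USERS = {"alice": _pw_hash("correct horse battery")}
_DUMMY_HASH = _pw_hash(secrets.token_hex(16))   # compared against for unknown users (no timing tell)
_PENDING_OTP = {}   # username -> (code, expiry); a short-lived server-side cache in practice


def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_device_token(username, now):
    """Mint 'user|expiry|hmac' once this device has passed the extra handshake."""
    payload = f"{username}|{int(now) + DEVICE_TOKEN_TTL}"
    return f"{payload}|{_sign(payload)}"


def device_is_known(username, token, now):
    """True only if the token is ours, unexpired and issued to this user."""
    if not token:
        return False
    parts = token.split("|")
    if len(parts) != 3:
        return False
    tok_user, expiry, sig = parts
    if not hmac.compare_digest(sig, _sign(f"{tok_user}|{expiry}")):
        return False
    return tok_user == username and expiry.isdigit() and int(expiry) > now


def login(username, password, device_token, now):
    """'denied' on bad credentials, 'ok' on a recognised device, else 'step_up_required'."""
    stored = _USERS.get(username, _DUMMY_HASH)
    if username not in _USERS or not hmac.compare_digest(_pw_hash(password), stored):
        return "denied"
    if device_is_known(username, device_token, now):
        return "ok"
    # Unrecognised device: start the extra handshake. The code is delivered out of band
    # (SMS, authenticator app) in a real deployment; here it is parked server-side.
    _PENDING_OTP[username] = (f"{secrets.randbelow(10**6):06d}", now + OTP_TTL)
    return "step_up_required"


def complete_step_up(username, code, now):
    """Check the one-time code; on success return a device token for the browser to keep."""
    pending = _PENDING_OTP.pop(username, None)   # one attempt per code
    if pending is None:
        return None
    expected, expiry = pending
    if now > expiry or not hmac.compare_digest(code, expected):
        return None
    return issue_device_token(username, now)
```

In a deployment the token would be set as a Secure, HttpOnly cookie over HTTPS and bound to a random server-side device record so it can be revoked individually; the point the interview makes is that the user should notice this step on an unfamiliar machine, not that it should be hidden.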

Friday, November 05, 2010
Facebook admitted late last week that some developers have sold user IDs (UIDs) to data brokers. The popular social-networking site said it has taken steps to prevent this in the future, including a six-month suspension of some developers. In a post Friday on the company's Developer Blog, Facebook's Mike Vernal said the company has "discovered some instances where a data broker was paying developers for UIDs." He noted that fewer than a dozen developers, mostly small ones, were involved, and that none of the apps were in the top 10 on the platform. He also noted that some sharing of UIDs happened "inadvertently" due to "an issue with the way that web browsers work." He added that no evidence was found that this "sharing" resulted in the collection of private user information. With a user ID, a user's public information, including name, can be found. The Wall Street Journal found that at least one data broker, RapLeaf, had correlated the user IDs with its own database of Net users and had shared the Facebook IDs with other firms.
This kind of data correlation can help to create a user behavioral profile. RapLeaf said the sharing wasn't intentional, and has agreed to remove all the UIDs it has. The company is no longer allowed to conduct activities on the Facebook platform.
(Source: News Factor Network)
Full story
News Factor Network

Friday, October 29, 2010
A former IT staffer has been sentenced to a year and a day in prison for stealing sensitive information belonging to his co-workers and using the data to make money filling out online health surveys. Cam Giang, 31, was fired from the University of California San Francisco Medical Center earlier this year after investigators discovered that he'd been using the names, birthdays and Social Security numbers of other UCSF employees to fill out hundreds of online surveys.
The point was to collect online vouchers, worth US$100 each. He had worked at the medical center's IT department for five years and had access to the sensitive information through his job, according to court records. Between January and April of this year, Giang filled out 382 surveys before the company that was paying for them, StayWell, figured out what was going on. StayWell had been offering UC employees the gift vouchers as incentives to fill out health surveys, but it grew wise to the scam. The company received complaints from employees who couldn't fill out the survey. When StayWell investigated, it turned out that Giang had already filled out surveys in their names.
(Source: Computer World)
Full story
Computer World

Thursday, October 28, 2010
ZDNet reported recently that a Western Australian man was the victim of a bizarre new twist on identity theft. According to the report, Roger Mildenhall was contacted by a neighbour who had seen one of his investment houses advertised for sale. Mildenhall looked into it and found that it was indeed for sale. He was also surprised to learn that another of his properties had been sold in June. In this economy you might jump for joy, but Mildenhall was dumbfounded: he had never intended to sell either property, and the transactions were made without his authorisation.
All of the transactions were conducted by email, telephone and fax, with no face-to-face contact. The report indicates that the alleged scammers hacked into Mildenhall's email account and from there obtained his personal and property documents.
(Source: Infosec Island)
Full story
Infosec Island

Monday, October 25, 2010
As technology advances, children are becoming quite adept at using smart phones, surfing the web, posting pictures, etc. So it may be important to sit your child down and teach them one quick lesson about the Internet:
What happens on the Internet, Stays on the Internet…FOREVER
And as parents, before you hand over that phone to provide some extra entertainment when you are stuck in line at a restaurant, make sure that all other applications are locked down, that you have signed out of your email and social networking sites, and that a password must be entered before anything can be sent.
(Source: Infosec Island)
Full story
Infosec Island
Google Inc admitted for the first time its "Street View" cars around the world accidentally collected more personal data than previously disclosed -- including complete emails and passwords -- potentially breathing new life into probes in various countries. The disclosure comes just days after Canada's privacy watchdog said Google had collected complete emails and accused Google of violating the rights of thousands of Canadians. "If in fact laws were broken...then there's some serious question of culpability and Google may need to face significant fines," said Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a Washington DC-based privacy advocacy group.
Regulators in France, Germany and Spain, among others, have opened investigations into the matter. A coalition of more than 30 state attorneys general in the United States also have launched a joint probe. It remains unclear how many people may have been affected by the privacy breach.
(Source: Reuters)
Full story
Reuters

Wednesday, October 20, 2010
Nearly half of home wi-fi networks can be hacked in less than five seconds, according to a study carried out across the UK. Of the 40,000 networks identified across six cities, just under 20,000 had no password or the most basic form of security encryption, the research for card protection and insurance company CPP found. In the “ethical hacking” experiment, researchers spent half an hour in each city using freely-available software to use as many unsecured wireless connections as possible. Nearly a quarter of the private networks (9,249) had no password, despite 82% of Britons saying their network is secure. But the study found even password-protected networks were not secure, with hackers able to breach a typical password in seconds.
(Source: Belfast Telegraph)
Full story
Belfast Telegraph
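The survey's method (freely available software identifying networks with no password or only basic encryption) boils down to reading the security information elements that access points advertise in their beacons. The script below is an added example, not the CPP researchers' tooling: it parses scan output modelled on the Linux `iw dev <iface> scan` format (the sample text is constructed for the example, and the exact field layout is an assumption) and classifies each network as open, WEP, WPA1, WPA2 with TKIP still allowed, or WPA2 with CCMP, then reports the share that is open or WEP-only. The "Privacy" capability bit with no WPA or RSN element is what marks a WEP network; that is the "most basic form of security encryption" the article refers to.

```python
"""Added example: classify Wi-Fi networks from scan output by their weakest
advertised security. Not from the CPP study; the scan text is constructed to
resemble `iw dev <iface> scan` output (field layout is an assumption)."""
import re
from collections import Counter

# Constructed sample: four networks, one of each of the common cases.
SAMPLE_SCAN = """\
BSS aa:bb:cc:00:00:01(on wlan0)
\tfreq: 2412
\tcapability: ESS ShortPreamble (0x0421)
\tSSID: CoffeeShopFree
BSS aa:bb:cc:00:00:02(on wlan0)
\tfreq: 2437
\tcapability: ESS Privacy ShortPreamble (0x0431)
\tSSID: Home-WEP
BSS aa:bb:cc:00:00:03(on wlan0)
\tfreq: 2462
\tcapability: ESS Privacy (0x0411)
\tSSID: Flat12
\tWPA:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: TKIP
\t\t * Authentication suites: PSK
BSS aa:bb:cc:00:00:04(on wlan0)
\tfreq: 5180
\tcapability: ESS Privacy (0x0411)
\tSSID: Flat14
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\t\t * Pairwise ciphers: CCMP
\t\t * Authentication suites: PSK
"""

WEAK = {"open", "wep"}   # no password, or a cipher broken for years


def classify(net):
    """Weakest-link label from the capability bit and the WPA/RSN elements."""
    if not net["privacy"]:
        return "open"
    if not (net["wpa"] or net["rsn"]):
        return "wep"             # Privacy bit set but no WPA/RSN element: legacy WEP
    if not net["rsn"]:
        return "wpa1"            # WPA (TKIP-era) only
    return "wpa2-tkip" if "TKIP" in net["pairwise"] else "wpa2-ccmp"


def parse_scan(text):
    """Split scan output into one record per BSS and classify each."""
    nets = []
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        if m:
            cur = {"bssid": m.group(1), "ssid": "", "privacy": False,
                   "wpa": False, "rsn": False, "pairwise": set()}
            nets.append(cur)
            continue
        if cur is None:
            continue
        if line.startswith("capability:"):
            cur["privacy"] = "Privacy" in line
        elif line.startswith("SSID:"):
            cur["ssid"] = line[5:].strip()
        elif line.startswith("WPA:"):
            cur["wpa"] = True
        elif line.startswith("RSN:"):
            cur["rsn"] = True
        elif line.startswith("* Pairwise ciphers:"):
            cur["pairwise"].update(line.split(":", 1)[1].split())
    for net in nets:
        net["security"] = classify(net)
    return nets


def audit(text):
    """Count networks per security class."""
    return Counter(net["security"] for net in parse_scan(text))


def weak_fraction(text):
    """Share of networks that are open or WEP-only (the study's 'unsecured' bucket)."""
    counts = audit(text)
    total = sum(counts.values())
    return 0.0 if total == 0 else sum(counts[k] for k in WEAK) / total
```

Running `parse_scan` over a real capture needs only the text of `iw dev wlan0 scan` (root required for an active scan); the classifier deliberately treats a mixed WPA/WPA2 network that still allows TKIP as the weaker of the two, because an attacker negotiates the weakest cipher the access point accepts.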
All network security equipment, the strongest of which is used by the financial industry, is exposed to a new kind of online attack, Finnish data security vendor Stonesoft said on Monday. Stonesoft said it has found a new threat category -- advanced evasion techniques (AETs) -- which simultaneously combine different evasions at several network layers, and in the process become invisible to security gear. While evasions -- tools hackers often use to penetrate network security -- are nothing new, AETs package them in new ways to let attackers bypass most firewalls and intrusion detection and prevention systems (IDS/IPS) without being detected.
This could give them access to data on secure corporate networks and allow them to plant further attacks. "From the point of view of cybercriminals and hackers, advanced evasion techniques work like a master key to anywhere," said Klaus Majewski, business development chief at Stonesoft. "Current protection against advanced evasion techniques is next to zero. This is a new thing and there is no protection against it currently," Majewski said.
(Source: Reuters)
Full story
Reuters
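Stonesoft's claim is that known evasions are combined across layers so that each inspecting device sees something innocuous while the target host sees the attack. The following added Python example (not Stonesoft's tooling and not a real AET) shows the two TCP-layer ingredients such techniques build on: a signature split across segment boundaries and delivered out of order, plus an overlapping retransmission carrying different bytes, so that which data "wins" depends on whether the inspecting device models the target host's overlap policy. A stateless per-packet matcher never sees the signature at all; a reassembling matcher catches it only if its policy matches the target's. The HTTP payload, the signature and the two policies are constructed for the example.

```python
"""Added example: why per-packet inspection and naively reassembled inspection
both miss a split, reordered, overlapping TCP stream. Payload, signature and
policies are constructed; this is not Stonesoft's tooling or a real AET."""
from dataclasses import dataclass

SIGNATURE = b"cmd.exe"   # constructed content signature an IDS might carry


@dataclass
class Segment:
    seq: int      # relative TCP sequence number of the first byte
    data: bytes


def per_packet_ids(segments):
    """Stateless matcher: looks at each segment on its own, in arrival order."""
    return any(SIGNATURE in s.data for s in segments)


def reassemble(segments, policy):
    """Rebuild the byte stream in sequence order.
    policy='first': the first copy of an overlapping byte wins (BSD-style).
    policy='last' : a later copy overwrites the earlier one (Linux-style).
    Hosts differ on this; an IDS that guesses wrong inspects a different
    stream from the one the target application actually receives."""
    if policy not in ("first", "last"):
        raise ValueError(policy)
    stream = {}
    for s in segments:               # arrival order matters for overlap resolution
        for i, byte in enumerate(s.data):
            off = s.seq + i
            if policy == "last" or off not in stream:
                stream[off] = byte
    if not stream:
        return b""
    return bytes(stream.get(i, 0) for i in range(max(stream) + 1))


def stream_ids(segments, policy):
    """Stateful matcher: reassembles with the given overlap policy, then searches."""
    return SIGNATURE in reassemble(segments, policy)


def evasive_segments():
    """Constructed attacker stream: the signature straddles two segment boundaries,
    the segments arrive out of order, and a 'chaff' copy of the middle segment
    carrying junk is sent first so the outcome hinges on the overlap policy."""
    payload = b"GET /shell?run=cmd.exe HTTP/1.0\r\n"
    head, mid, tail = payload[:16], payload[16:20], payload[20:]   # "...=c" | "md.e" | "xe HTTP..."
    chaff = Segment(16, b"XX.X")      # same sequence range as `mid`, different bytes
    return [Segment(20, tail), chaff, Segment(0, head), Segment(16, mid)]
```

A target whose stack keeps the last copy executes the request, while an IDS that keeps the first copy (or inspects packets singly) reports nothing. This is why IDS/IPS engines normalise or reassemble per target host policy (Snort's frag3 and stream5 preprocessors are target-based for this reason), and why a device with a single hard-coded policy can be walked past; what Stonesoft describes is the same ambiguity stacked at IP fragmentation, TCP and application-layer encoding at once.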

Thursday, October 14, 2010
INTERPOL has launched an international initiative which will see the world police body provide a list of Internet domains containing severe child sexual abuse content to Internet Access Service Providers (ASPs) voluntarily participating in the scheme to reduce the availability of such material on the Web. Under the scheme, Internet users attempting to access severe child abuse material on the web will be re-directed away, either to an INTERPOL stop page or to an error page.
INTERPOL’s Trafficking in Human Beings unit, which steers the world police body’s combat against child sexual exploitation, will work with the Organization’s National Central Bureaus and international police forces amongst its 188 member countries in updating and enlarging this “Worst of” list of domains containing severe child sexual abuse material, according to criteria defined in collaboration with the pan-European police project CIRCAMP – the COSPOL (Comprehensive Operational Strategic Planning for the Police) Internet Related Child Abusive Material Project.
(Source: Interpol)
Full story
Interpol

Tuesday, October 12, 2010
PRE-TEENS should not be on Facebook, insists Queensland Premier Anna Bligh - and the social networking site needs to work harder at enforcing the 13-year age limit. "I think that parents are right when they say that primary school children should not be on Facebook and I support Queensland parents when they say that Facebook needs to do more to address their legitimate fears," Ms Bligh said. "Vigilant parents can email the company if their child is under 13 and the child's site will be shut down.
"Unfortunately, there really is nothing to stop their child setting up another site." Sandy White from Norman Park in Brisbane's inner east is the mother of Thomas, 13, and Ryan, 12. She believes the number of primary school children using Facebook is growing. "I do not allow my boys to have a Facebook account, even though they would love to. It seems the norm these days is for children as young as 10 or 11 to join up, but I believe that children of that young age are defenceless to predators."
(Source: Queensland Newspapers)
Full story
Queensland Newspapers
Adult websites and applications are too easily accessible to adolescent smartphone users, with the Korean government unable to censor materials uploaded from foreign soil, a lawmaker said Monday. Rep. Han Sun-kyo of the governing Grand National Party (GNP) said that smartphone users, including minors, can access many applications containing sex-related material and games. “Internet users cannot search sites containing adult materials by typing in sex-related words. But if you do that in the App Store and Google-backed Android market, you get up to 900 X-rated applications,” he said during the National Assembly’s audit of the Ministry of Culture, Tourism and Sports. In particular, those who are over 17 can download adult content from the App Store, Han said. “Even if they are minors, they can have access to adult content as long as they type in passwords and click the approve button.” Among the most downloaded applications, one involving sex acts ranked 40th, he said, stressing there are even applications allowing smartphone users to view adult video clips by providing their uniform resource locators (URL).
“The Korea Communication Standards Commission (KOCSC) has recently decided to tighten applications on App Store and other online open application markets, believing there is too much sex-related material. But it is not certain that the commission will be able to apply local regulations to foreign companies,” the lawmaker said.
(Source: The Korea Times)
Full story
The Korea Times

Wednesday, October 06, 2010
Addiction counsellors have told Newsbeat they're seeing more cases of people worried about being hooked on playing video games. There are now calls for the gaming industry to offer more support to people who can't switch off. Technology or computer addiction isn't officially recognised as a clinical condition. But the group representing games companies admits there needs to be more research into the problem.
"Most of the people that are getting into difficulties tend to be in their teenage years and early 20s. "As that generation moves through and others come on behind, I think the problem is going to get bigger."
(Source: BBC)
Full story
BBC
Appropriately for a month that concludes with a holiday designed around scary things, October has been declared Cyber Security Awareness Month. President Obama recently signed a proclamation and urged everyone to back up files, keep Internet-surfing children safe, and "play an active role in securing the cyber networks we use every day." National Cyber Security Awareness Month is part of a campaign organized by the National Cyber Security Alliance (NCSA) and backed by the Department of Homeland Security.
The government agency said, "America's competitiveness and economic prosperity in the 21st century will depend on effective cybersecurity." NCSA said October's designation is part of the first Global Online Safety Campaign, called STOP | THINK | CONNECT, which began Monday. The public-private partnership is intended to "help all digital citizens employ universal behaviors to protect themselves," the organization said.
(Source: NewsFactor Network)
Full story
NewsFactor Network

Tuesday, October 05, 2010
The Department of the Prime Minister and Cabinet has sponsored a new online directory of Australia's security professionals and academia, which aims to highlight leaders in the industry. The National Security Research Directory is a brains trust of hundreds of experts operating in a burgeoning list of fields across IT security, biometrics and counter-terrorism. It includes research topic areas such as applied cryptography, physical security and "uberveillance" — a system with the ability to automatically locate and identify individuals and predict their movements.
Deputy national security advisor Margot McCarthy said the network will tighten coordination on matters of national security in the public and private sectors. McCarthy also announced the National Security Advisor's Group within the Department of the Prime Minister and Cabinet, which will report directly to the National Security chief information officer, Rachael Noble, on issues including cybersecurity.
(Source: ZD Net)
Full story
ZD Net
Nearly six-in-ten adults (58%) have done research online about the products and services they buy, and about a quarter (24%) have posted comments or reviews online about the things they buy. On a typical day, 21% of adults search for product information online.
This is an increase from 15% in 2007 and 9% in 2004. The 2010 data come from a telephone survey by the Pew Research Center’s Internet & American Life Project conducted between August 9 and September 13, 2010. The survey was administered to a sample of 3,001 adults, age 18 and older, using a combination of landline and cellular telephones. Interviews were conducted in English or Spanish. The sample margin of error is plus or minus 2.5 percentage points for the general population and plus or minus 2.9 percentage points for internet users (n=2,065). Among internet users, 78% say that they at least occasionally conduct product research and 32% report that they have posted online product comments.
(Source: Pew Internet Research)
Full story
Pew Internet Research
With 500 million users worldwide and still growing, Facebook is now ubiquitous. Because of its popularity, minors have jumped onto the social media bandwagon too, and they use networking the same way adults do: to share pictures, connect with friends, organize events, and play social games. And that can be a problem.
For the most part, Facebook provides a fun and safe way for users of all ages to communicate with their pals. But because kids and teens are, well, kids and teens, they're the ones most at risk of falling victim to the dangers of Facebook. With a bit of strategic parental guidance, you can educate your kids about the potential hazards of social media and give them the tools they need to protect themselves from online predators, guard their personal information, preserve their online reputation, and avoid suspicious downloads that could harm your PC.
(Source: PC World)
Full story
PC World

Thursday, September 23, 2010
Students awaiting loans and grants should watch out for scam emails asking for bank details, Student Finance England warns. Students were today warned to beware of scam emails purporting to be about loans and grants, after it emerged that 50 phishing websites targeting young people have been shut down during the last year.
Hundreds of thousands of people are starting university in the coming weeks, and Student Finance England, which processes English students' loans and grants, today urged students to "remain vigilant" and not disclose any personal or bank details in response to email requests that look like they are from either itself or its parent company, the Student Loans Company. Student Finance England expects to make payments to more than 600,000 students this week, and fraudsters are taking advantage of the timing to target students who are waiting for money to arrive. Heather Laing, its fraud manager, said: "Students are likely to receive a great deal of correspondence from Student Finance England at this time, with payment schedule letters or letters requesting further information coming through the door. Some students may fall victim to an email request that looks to be from Student Finance England or the Student Loans Company asking for confirmation of bank details. However, we will never ask students to confirm their bank details via email. If they do receive such a request, they should forward it on to us to investigate."
(Source: Guardian)
Full story
Guardian
For the 10th eLearning Awards, European Schoolnet and ENISA, the European Network and Information Security Agency, announce a new prize category called "Teaching online safety and citizenship".
The rapid spread of internet use among young people is making it essential to address eSafety and ePrivacy, in order to protect young people from online risks and threats and to prepare them to use digital technologies in a secure and responsible way. As a major European actor for eSafety and ePrivacy, ENISA highly encourages all teachers to address these issues with their young students. “Young people and children are today amongst the biggest user groups of online technologies in Europe. It is important to equip them with the skills and knowledge to stay safe online,” said Dr Udo Helmbrecht, Executive Director of ENISA.
(Source: ENISA)
Full story
ENISA

Tuesday, September 21, 2010
In the UK, ISPs must pay 25 per cent of the cost of implementing new anti-piracy measures, it has been announced. The process of identifying and informing broadband customers suspected of copyright infringement will be paid for partly by ISPs, with copyright holders paying the other 75 per cent.
The decision comes as the government attempts to thrash out the details of how some parts of the controversial Digital Economy Act will actually work in practice. Minister for Communications, Ed Vaizey, said: "Protecting our valuable creative industries, which have already suffered significant losses as a result of people sharing digital content without paying for it, is at the heart of these measures. "The Digital Economy Act serves to reduce online copyright infringement through a fair and robust process and at the same time provides breathing space to develop better business models for consumers who buy music, films and books online.
(Source: Webuser)
Full story
Webuser

Monday, September 20, 2010
The 2011 Global State of Information Security Survey is a worldwide security survey by PricewaterhouseCoopers, CIO Magazine and CSO Magazine. It was conducted online from February 19, 2010 to March 4, 2010. Readers of CIO and CSO Magazines and clients of PricewaterhouseCoopers from around the globe were invited via email to take the survey. The results discussed in this report are based on the responses of more than 12,840 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security from 135 countries. Thirty-seven percent of respondents were from Asia, 30% from Europe, 17% from North America, 14% from South America, and 2% from the Middle East and South Africa. For the main findings, please click here.
(Source: Price Waterhouse Coopers)
Germany is the first country to launch a large scale malware cleaning project backed by the government, Internet service providers and security companies.
The new Anti-Botnet Counseling Center (Anti-Botnet Beratungszentrum) is an organization dedicated to assisting German users with removing botnet infections from their computers. It was established with funding from the Federal Ministry of Interior and the technical assistance is provided by the Federal Office for Information Security (BSI). The initiative was announced late last year as a collaboration between the Federal Government and the German Internet Industry Association (eco).
(Source: Softpedia)
Full story
Softpedia

Thursday, September 16, 2010
Sometimes it's a story of a grown woman who has chosen prostitution as a path to a better life. More often, it's a story of a woman being forced to sell her body by a pimp. And then there are the children, and the mothers that miss them.
"They told me to look on Craigslist and it almost blew my mind," the mother of one missing 12-year-old told CNN. "She was there with a wig on. She was there in a purple negligee." The same day the woman spoke to CNN, her daughter was rescued by police at a seedy hotel near Washington where she was being sold for sex. And she's not alone. The National Center for Missing and Exploited Children's website contains thousands of posters of missing children. Many are girls, classified as "endangered runaways," and the center says more than fifty of them have been pushed into the sex trade. But that's just a snapshot, a tiny indicator of the true scale of the problem.
(Source: CNN)
Full story
CNN
An awkwardly-worded reply by Defence Secretary Liam Fox to questions in the House of Commons suggests that cuts in information security spending are not on the agenda for the Strategic Defence and Security Review (SDSR), which is due to report back in the autumn. On the contrary, Britain is looking to boost its capabilities in the area. Fox said: "Cyber-security is an important element of the SDSR and has already had considerable consideration. Decisions on enhancing our capabilities will form part of the review, which we will announce to the House later this autumn."
Developing a military cyber-security policy should not be the responsibility of the Ministry of Defence alone, Fox added. "Investing in better cyber-security will not be an option for the United Kingdom. What is being considered under the National Security Council as part of the SDSR is how that occurs. We will face increasing threats in cyberspace in the years ahead; the question is how we identify the weakest areas, which need to be looked at first, and how we develop the technologies so that, as the other technologies that might affect us continue to evolve, we are best protected."
(Source: The Register)
Full story
The Register
The Millennium Development Goals (MDGs) are a set of targets intended to reduce global poverty and improve living standards by 2015. Specific goals target education, fighting disease and promoting gender equality. Access to communications technology is a part of one of the targets. With five years to go until the deadline to achieve the goals, progress remains uneven. Some countries have achieved many of the goals, while others - mostly in the developing world - may not realise any. Many development experts question how the goals will be achieved and how they will be paid for. Some even question whether the approach is necessary or helpful.
But Dr Hamadoun Toure, secretary general of the International Telecommunication Union (ITU), told BBC News that he believed technologies such as broadband could be used to "accelerate" progress on the goals and help countries achieve them. "Access to broadband in an affordable manner is our greatest challenge," he said.
(Source: BBC)
Full story
BBC

Tuesday, September 14, 2010
Make your password strong, with a unique jumble of letters, numbers and punctuation marks. But memorize it — never write it down. And, oh yes, change it every few months. These instructions are supposed to protect us. But they don’t.
Some computer security experts are advancing the heretical thought that passwords might not need to be "strong," or changed constantly. They say onerous requirements for passwords have given us a false sense of protection against potential attacks. In fact, they say, we aren't paying enough attention to more potent threats. Here's one threat to keep you awake at night: keylogging software, which is deposited on a PC by a virus, records all keystrokes — including the strongest passwords you can concoct — and then sends them surreptitiously to a remote location.
(Source: The New York Times)
Full story
The New York Times

Monday, September 13, 2010
With its millions of users, the world’s most popular social network has become a perfect target for hackers exploiting such a dense concentration of potential victims. Apart from phishing attacks or spam, which are now easily recognized by many Internet users, hackers are employing new methods, which for the moment at least, are proving to be successful. What to do if your Facebook profile has been hacked
Step 1: Firstly, remove all permissions that have been given to the malicious application. This is a simple process: from Account > Application settings in the top-right corner of your Facebook profile. This ensures that the application will not continue to have access to your profile once the password is changed.
Step 2: Change the login password! To keep your identity safe, it is advisable to change your password and the user name (it’s a good idea to do this from time to time anyway). This is also easy: Go to Account > and Account Settings in the menu in the top left corner of your Facebook profile. It is also advisable to use strong passwords that cannot easily be guessed.
(Source: Panda Security)
Full story
Panda Security

Friday, September 10, 2010
Every week, hackers are creating 57,000 new Web addresses which they position and index on leading search engines in the hope that unwary users will click them by mistake. Those who do, will see their computers infected or any data they enter on these pages fall into the hands of criminals. To do this, they use an average of 375 company brands and names of private institutions from all over the world, all of them instantly recognizable.
eBay, Western Union and Visa top the rankings of the most frequently used keywords, followed by Amazon, Bank of America, PayPal and the US Internal Revenue Service. This way, when users search for these names, a link to the malicious website will appear among the first results returned. When they visit these sites, one of two things will happen: either malware will be downloaded onto the user's computer, with or without their knowledge, or the website spoofs the appearance of a genuine page, a bank say, and users will unwittingly enter their details, which will fall into the hands of criminals.
(Source: Panda Security)
Full story
Panda Security
A booby-trapped e-mail that promises free sex movies is racking up victims around the world, security firms warn. Some variants of the Windows worm contain a link to a PDF that the recipient has been told to expect. Those clicking on the link get neither movies nor documents but give the malware access to their entire Outlook address book. When installed, the worm sends copies of itself to every e-mail address it can find.
The malicious e-mail messages have a subject line saying "Here you have" and contain a weblink that looks like it connects to a PDF document. Instead it actually links to a website hosting the malware.
(Source: BBC)
Full story
BBC
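The Student Finance England warning (September 23, above), the Panda Security report on brand look-alike pages positioned in search results, and the "Here you have" e-mail all turn on the same deceptive-link pattern: the link text promises one thing (a lender, a brand, a PDF) and the href delivers another. The Python below is an added example, not code from Panda, the BBC or the Student Loans Company. It takes a link's displayed text and its target URL and returns a list of findings: a brand name in the hostname on a domain the brand does not own, link text that shows one host while the href goes to another, `user@host` syntax hiding the real host, and a promised document whose target ends in an executable extension. The brand-to-domain table, the two-level suffix table and the sample links are constructed for the example; a production version would use the public suffix list rather than the short table here.

```python
"""Added example: flag deceptive links in e-mail or search results.
Brand/domain table, suffix table and sample links are constructed; this is
not code from Panda Security, the BBC or the Student Loans Company."""
from urllib.parse import urlparse

# Assumed allow-list: brand keyword -> registrable domains the brand really uses.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "ebay": {"ebay.com", "ebay.co.uk"},
    "westernunion": {"westernunion.com"},
    "studentfinance": {"slc.co.uk"},      # assumption for the example
}
# Tiny stand-in for the public suffix list (assumption; use the real list in production).
TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "gov.uk", "com.au"}
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls")
EXEC_EXTS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def registrable_domain(host):
    """'signin.ebay.co.uk' -> 'ebay.co.uk'; 'paypal.com.evil.test' -> 'evil.test'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def _host_of(text):
    """Hostname of a URL-looking display string, or '' if the text is not a URL."""
    t = text.strip().lower()
    if not t.startswith(("http://", "https://", "www.")):
        return ""
    return urlparse(t if "://" in t else "http://" + t).hostname or ""


def analyze_link(text, href):
    """Return human-readable findings for one link; an empty list means nothing suspicious."""
    findings = []
    u = urlparse(href)
    host = (u.hostname or "").lower()
    reg = registrable_domain(host)

    # 1. Brand keyword anywhere in the hostname (dots/hyphens stripped) on a foreign domain.
    squashed = host.replace(".", "").replace("-", "")
    for brand, domains in BRAND_DOMAINS.items():
        if brand in squashed and reg not in domains:
            findings.append(f"hostname mentions '{brand}' but domain is {reg}")

    # 2. user:pass@host syntax: the browser ignores everything before the '@'.
    if "@" in u.netloc:
        findings.append("userinfo in URL hides the real host")

    # 3. Display text is itself a URL whose host differs from where the href goes.
    shown = _host_of(text)
    if shown and registrable_domain(shown) != reg:
        findings.append(f"link text shows {shown} but href goes to {host}")

    # 4. Promised a document, delivers an executable (e.g. report.pdf.scr).
    path = u.path.lower()
    last = path.rsplit("/", 1)[-1]
    ext = "." + last.rsplit(".", 1)[-1] if "." in last else ""
    promises_doc = any(e in text.lower() for e in DOC_EXTS) or any(e + "." in path for e in DOC_EXTS)
    if promises_doc and ext in EXEC_EXTS:
        findings.append(f"promised a document but target is a {ext} executable")
    return findings
```

The fourth check is the "Here you have" case (a link that looks like a PDF but fetches an executable); the first and third are the search-poisoning and lender-impersonation cases. None of these checks replaces the rule Student Finance England states, that a genuine lender never asks for bank details by e-mail, but they catch the mechanics such messages rely on.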

Thursday, September 09, 2010
While social media use has grown dramatically across all age groups, older users have been especially enthusiastic over the past year about embracing new networking tools. Social networking use among internet users ages 50 and older nearly doubled—from 22% in April 2009 to 42% in May 2010.
- Between April 2009 and May 2010, social networking use among internet users ages 50-64 grew by 88%--from 25% to 47%.
- During the same period, use among those ages 65 and older grew 100%--from 13% to 26%.
- By comparison, social networking use among users ages 18-29 grew by 13%—from 76% to 86%.
(Source: Pew Research Center)
Full story
Pew Research Center

Tuesday, July 06, 2010
The Safer Internet Forum has been organized by the Safer Internet Programme as an annual conference on safer internet issues since 2004. It brings together representatives of industry, law enforcement authorities, child welfare organizations and policy makers. The past editions of the Safer Internet Forum have welcomed guests not only from Europe, but also from countries such as Australia, Brazil or the Russian Federation.
The 2010 edition of the Safer Internet Forum will take place in Luxembourg on the 21-22 October. This year the Safer Internet Forum will focus on the results of two major research projects funded by the Safer Internet Programme: EUKidsOnline II, which surveyed children and parents in 25 European countries about internet use, and European Online Grooming Project, the first European research project that studies the characteristics and behaviour of sexual offenders who have used the internet to groom young people.
(Source: Europe's Information Society)
Full story
Europe's Information Society
A new targeted malware attack is threatening UK bank customers. Security firm Trusteer said that it has spotted a malware attack that compromises user credentials by creating a fake bank log-in page and then uses those credentials to perform an "authorised" monetary transfer. The attack is being spread through multiple infection methods, including web-based exploits and spam email attachments. Rather than aim to infect numerous systems around the world, however, the company said that the attack is specifically targeting the UK and focusing on very few banks at a time, anywhere from three to seven in a single run.
The UK is not the first country to be targeted for such attacks. Trusteer has spotted similar operations in South Africa and Germany.
(Source: v3.co.uk)
Full story
v3.co.uk

Thursday, June 17, 2010
New Zealand has joined a global taskforce to fight online child exploitation. Police Superintendent Win Van Der Velde today signed an agreement with the Virtual Global Taskforce (VGT) board in Rome. VGT is made up of international law enforcement agencies, and Deputy Commissioner Rob Pope said joining strengthened an already firm resolve to tackle the online abuse of children. Police will collaborate with VGT through its Online Child Abuse Exploitation Squad (OCEANZ). VGT is chaired by the Australian Federal Police.
(Source: New Zealand Herald)
Full story
New Zealand Herald
Experts from nearly 40 countries gathered in the Estonian capital Tallinn to discuss the latest issues in the fight against virtual attackers. Estonian President Toomas Hendrik Ilves opened the conference with a stark warning about the seriousness of cybercrime. "Our critical infrastructure, electricity grids, transportation networks and mobile phone networks are so enmeshed and tied to the internet that any open society is open to complete and utter failure," he said. "There are no smoking guns, no foot or fingerprints in virtual reality," Estonia's Minister of Defence Jaak Aviksoo added.
Skilled hackers at the conference said malware designed to be used in attacks could be purchased for a few hundred dollars online, or even downloaded for free.
(Source: BBC)
Full story
BBC

Wednesday, June 16, 2010
Police have arrested 178 people in Europe and the United States suspected of cloning credit cards in an international scam worth over 20 million euros ($24.52 million), Spanish police said on Tuesday. Police in fourteen countries participated in a two-year investigation, initiated in Spain, where police discovered 120,000 stolen credit card numbers and 5,000 cloned cards, arrested 76 people and dismantled six cloning labs. The raids were made primarily in Romania, France, Italy, Germany, Ireland and the United States, with arrests also made in Australia, Sweden, Greece, Finland and Hungary.
(Source: Reuters)
Full story
Reuters
The sentence was announced by United States Attorney for the District of Maryland Rod J. Rosenstein, Special Agent in Charge Richard A. McFeely of the Federal Bureau of Investigation; Chief James W. Johnson of the Baltimore County Police Department; and Baltimore County State’s Attorney Scott Shellenberger.
This case was brought as part of Project Safe Childhood, a nationwide initiative to combat the growing epidemic of child sexual exploitation and abuse launched in May 2006 by the Department of Justice. Led by United States Attorneys’ Offices and the Criminal Division's Child Exploitation and Obscenity Section (CEOS), Project Safe Childhood marshals federal, state, and local resources to better locate, apprehend, and prosecute individuals who exploit children via the internet, as well as to identify and rescue victims.
(Source: Baltimore FBI)
Full story
Baltimore FBI

Thursday, June 10, 2010
Federal chief information officers and chief information security officers will convene Monday, June 14, at an annual information technology conference where they are sure to discuss the Office of Management and Budget's mandate to look toward cloud computing to cut IT costs, increase efficiencies and enable greater government-wide collaboration and data exchange. In examining the potential benefits and vulnerabilities of moving their services to the cloud, government CIOs and CISOs should ask and demand answers to some difficult questions.
Does your provider ensure the confidentiality, integrity and availability with mature processes, proof of past performance, understanding of and mechanisms for disaster recovery options, and encrypted backups?
(Source: GovInfo Security)
Full story
GovInfo Security
Driven by the popularity of online video among 18-29 year-olds, there have been dramatic increases since 2007 in the number of American adults watching:
- Comedy or humorous videos, rising in viewership from 31% of adult internet users in 2007 to 50% of adult internet users in the current survey
- Educational videos, rising in viewership from 22% to 38% of adult internet users
- Movies or TV show videos, rising in viewership from 16% to 32% of adult internet users
- Political videos, rising in viewership from 15% to 30% of adult internet users
One in seven adult internet users (14%) have uploaded a video to the internet, almost double the 8% who were uploading video in 2007. Home video is far and away the most popular content posted online, shared by 62% of video uploaders. And uploaders are just as likely to share video on social networking sites like Facebook (52% do this) as they are on more specialized video-sharing sites like YouTube (49% do this).
(Source: Pew Research Center)
Full story
Pew Research Center
Sixty-eight percent of service providers say outbound spam costs them up to $100,000 per year, according to a new research study by industry analyst firm Osterman Research and Commtouch. Some key findings from the research include:
- 68 percent of service providers say outbound spam costs them up to $100,000 per year; 4 percent said it is costing them more than $250,000 per year. Costs due to outbound spam include such things as IT helpdesk and anti-abuse team time.
- Almost 40 percent of respondents have had their IP addresses listed on Real Time Blackhole Lists (RBLs) in the past 12 months alone. RBLs are published lists of the addresses of computers or networks known to be sending out spam. A service provider may be blacklisted as a result of outbound spam, and thus have its customers' legitimate email blocked by other service providers.
- Nearly 70 percent of service providers are in the process of evaluating solutions for their outbound spam problem. 50 percent expect to deploy a solution within the next 12 months.
(Source: Security Matters)
Full story
Security Matters

Wednesday, June 02, 2010
In Africa, a few countries have launched their national security projects and completed some good first steps; other countries have now started implementing national mechanisms for combating cybercrime and related threats; however, a sizeable number of African countries still do not have a strategic plan and are unable to take their first actions. These countries need to be assisted and supported through guidance and advisory services, as well as through experience and information sharing with others. Knowledge and information sharing is indeed the missing link at the moment.
CERT-AFRICA is ultimately the resource outlet that will help security experts share knowledge and strengthen collaboration to address security threats, by connecting leading African security experts and bringing them together around a common project. While CERT-AFRICA will be inward looking in its activities, it will also be a conduit for connecting African countries to ongoing efforts within international bodies such as FIRST, the ITU, ICANN, UNCTAD, the OIC, etc.
(Source: CERT Africa)
Full story
CERT Africa
The number of internet threats coming from the UK has increased in May, according to research by managed security firm, Network Box. The UK is now responsible for nearly six (5.9) per cent of the world’s internet viruses, up from three per cent in April. The only countries that produce more viruses than the UK are Korea (16.26 per cent) and the US (11.68 per cent). The US and India continue to dominate the production of the world’s spam, with the US producing 10.7 per cent, and India 7.1 per cent (similar figures from last month).
Russia has seen a decline in viruses produced from within its borders – possibly an early result of Russian hosting service, PROXIEZ-NET – notoriously used by criminal gangs – being taken down earlier this month.
(Source: Network Box)
Full story
Network Box
Internet security firm Sophos has warned Facebook users to be on the alert for a scam which sends a spam message to all of their friends on the social network. Sophos, in a pair of blog posts late Monday, said "hundreds of thousands" of Facebook users have fallen for the scam which it dubbed "likejacking." It said some Facebook users had received a message such as "This man takes a picture of himself EVERYDAY for 8 YEARS!!" and were encouraged to click on a link. "This of course posts a message to your newsfeed, your friends see it and click on it, and so it spreads," Sophos said.
That followed a similar scam that spread on Facebook the week before involving a fake posting tagged as the "sexiest video ever," according to Sophos.
(Source: AFP)
Full story
AFP

Monday, May 31, 2010
With the threat of cyber wars lurking, the International Telecommunications Union (ITU), a United Nation's arm, has asked countries to take the ‘no-first-attack' vow in order to avert chain of events. “There have been countries at (cyber) war already. A wrong attack could lead to a chain of events. Like they do with regard to nuclear arms, the countries should take a vow that they would not attack first,” Mr Hamadoun Toure, Secretary-General of ITU, said.
“We need to have an international framework to make cyber space peaceful. Some say, it might take 10 years. Even if it takes that long, we need to start now (to get there),” he said. “It will be like a cyber tsunami. It would be a catastrophe if a war were to start. In order to achieve a secure cyber space, countries should have a legal and regulatory framework, technological readiness (with a robust response team), a coordinated national effort and capacity building,” he said.
(Source: Business Line)
Full story
Business Line
According to the latest data from Trend Micro, a leading Internet security company, more than 2 million computers were hacked and 476 million spam e-mails were sent in Turkey between June 2009 and May 2010. With the Internet an increasingly integral part of daily life, criminals are finding new playgrounds in cyberspace.
In 2004 there were 680 million Internet users and 3 million malware samples globally. Six years later, the number of Internet users has increased to around 1.7 billion, but malware has jumped 10-fold to 30 million samples. The nature of the Internet also makes it harder to track down a cyber criminal, as the crime crosses borders and is hard to understand. “It is not like a bank robbery. There is no eyewitness or video footage,”
(Source: Hurriyet Daily News)
Full story
Hurriyet Daily News

Friday, May 28, 2010
"People that play these fast-paced games have better vision, better attention and better cognition," said Daphne Bavelier, an assistant professor in the department of brain and cognitive science at the University of Rochester. Bavelier was a presenter at Games for Learning, a daylong symposium on the educational uses of video games and computer games. The event, the first of its kind, was an indication that electronic games are gaining legitimacy in the classroom.
President Barack Obama recently identified the creation of good educational software as one of the "grand challenges for American innovation," and the federal Department of Education's assistant deputy secretary for the Office of Innovation and Improvement, Jim Shelton, was to attend Thursday's conference. Panelists were to discuss how people learn and how games can be engineered to be even more educational. "People do learn from games,"
(Source: AP)
Full story
AP
A few weeks ago I came across several email messages in Spanish purporting to have been sent by Western Union: As you can see, this is a typical message sent as spam that we have seen in many guises. It tries to pass itself off as some kind of official notification from well-known companies (anyone from UPS to Apple, or even Panda) with the real aim of trying to trick users into running the attached file. However, this time when I saw the message I couldn’t help but smile. Why? Because I thought there was a certain irony about the message claiming to have been sent by Western Union, a company used by virtually all cyber-criminals.
Should we be pointing an accusatory finger at companies like Western Union? There are those who would argue that this is like criminalizing the Internet just because there are users that abuse its services. Fair enough. But if Western Union is just like any other company, why is it used so insistently by criminals?
(Source: PandaLabs)
Full story
PandaLabs

Thursday, May 27, 2010
On 23 November 2010 the Belgian Privacy Commission will organize an international conference on privacy and scientific research. The conference will take place in the context of the 2010 Belgian EU presidency and focuses on several target groups, first of all the European data protection authorities, but also national and international academics and researchers. Two areas of scientific research will be examined: historical and clinical-medical research. The conference is primarily intended as a discussion forum on best practices in both areas. That is why workshops will be organized alongside the traditional plenary sessions.
"Privacy & Scientific Research: from Obstruction to Construction" was opted for as the working title of the conference, the objective of the event being a reflection on how to integrate privacy protection in scientific research without making it an obstacle. And what's more, the quality of research will only be improved thanks to privacy protection.
(Source: Commission For The Protection Of Privacy)
Full story
Commission For The Protection Of Privacy
It might go against conventional wisdom, but a new report from the Pew Internet & American Life Project is adding fuel to the argument that young people are fast becoming the gurus of online reputation management, especially when it comes to social networking sites. Among other things, the study found that they are most likely to limit personal information online — and the least likely to trust free online services ranging from Facebook to LinkedIn and MySpace.
Marlene McManus, 21, is among those young adults. On the job hunt since graduating from Clark University in Massachusetts, she's been "scouring" her Facebook page, removing photos that contain beer cups and any other signs of college exploits. She's also dropped Twitter altogether. "I have to present a public face that doesn't have the potential to hurt my image," McManus says.
(Source: AP)
Full story
AP

Wednesday, May 26, 2010
CYBER-GEDDON has been overhyped, but IT security professionals need to find new ways of dealing with the never-ending threats, says Scott McIntyre, chief security officer for Amsterdam-based ISP XS4ALL Internet. "The sky is not falling, the situation is not as bad as many make out, but we need to accept that the internet has been 'pwned' (compromised or controlled by rivals)," he told the AusCERT 2010 conference on the Gold Coast last week. "We need to maintain a sense of proportion and adjust our expectations about internet security," he said.
"Not everything that happens is a major crisis, you don't need huge cyber bunkers because there's a worm on the network -- this should be your daily routine by now." Mr McIntyre, who is also a member of the Dutch computer security incident response team KPN-CERT, said the industry was stuck in "a weird loop of going backwards and forwards" on the same issues.
(Source: The Australian)
Full story
The Australian
Facebook Chief Executive Mark Zuckerberg said the Internet social network will roll out new privacy settings for its more than 400 million users, amid growing concerns that the company is pushing users to make more of their personal data public. "Many of you thought our controls were too complex," said Zuckerberg in an opinion piece published on Monday in The Washington Post.
"Our intention was to give you lots of granular controls; but that may not have been what many of you wanted. We just missed the mark," said the 26-year-old Zuckerberg, who co-founded Facebook in his Harvard dorm room in 2004. In the coming weeks, Zuckerberg promised, Facebook will add privacy controls that he said would be much simpler to use. Facebook will also give users an easy way to turn off all third-party services, Zuckerberg said.
(Source: Reuters)
Full story
Reuters
Malaysia’s Information Communication and Culture Minister, Datuk Seri Dr Rais Yatim, said that the country plans to work in collaboration with a number of countries in the fight against cyber crime. “The rise in cyber security attacks over the last few years reinforces the urgency to address the issue through the establishment of appropriate global frameworks for assessment and exchange of information related to cyber security,” he said at the opening of the World Information and Communication Summit in Seoul.
Last year the International Multilateral Partnership Against Cyber Threats (IMPACT) opened its global headquarters in Cyberjaya, Malaysia. IMPACT is a platform for governments and industry players to exchange ideas and best practices and work together in combating cyber threats.
(Source: Malaysia In Focus)
Full story
Malaysia In Focus

Friday, May 21, 2010
Carders.cc, a German online forum dedicated to helping criminals trade and sell financial data stolen through hacking, has itself been hacked. The once-guarded contents of its servers are now being traded on public file-sharing networks, leading to the exposure of potentially identifying information on the forum’s users as well as countless passwords and credit card accounts swiped from unsuspecting victims.
The breach involves at least three separate files being traded on Rapidshare.com: The largest is a database file containing what appear to be all of the communications among nearly 5,000 Carders.cc forum members, including the contents of private, one-to-one messages that subscribers to these forums typically use to negotiate the sale of stolen goods. Another file includes the user names, e-mail addresses and in many cases the passwords of Carder.cc forum
(Source: Krebs on Security)
Full story
Krebs on Security
The UAE can lead international efforts to promote global cyber security and cyber peace and to avoid the use of cyberspace for conflict, said a former senior White House adviser on Tuesday. "The UAE can play a leading role in creating an international system for cyber peace. You can do that not just by computers. But you can do that by strategists and diplomats. And there is a great role for the UAE to play in helping the world step back from cyber war to create an international system for cyber peace," said Richard Clarke, who served as a counterterrorism adviser to Presidents Bill Clinton and George W. Bush.
Warning that cyber war is the next threat to UAE national security, Clarke argued physical defences akin to borders such as firewalls will remain essential, but given the high levels of cross-border connectivity in cyber world, new approaches for cyber security must include the international diplomatic dimension.
(Source: Gulf News)
Full story
Gulf News

Wednesday, May 19, 2010
From 17 to 21 May 2010 a workshop on cybersecurity is being held in Ouagadougou. With the objective of training those responsible for securing cyberspace to fight cyberthreats effectively, the session is attended by delegates from Côte d’Ivoire, Ghana, Mali and Nigeria. The seminar was opened by the Secretary General of the Prime Minister’s Office, Paul Marie Compaoré.
Faced with spam, scams, viruses, worms and other cyberattacks, it is more than urgent to develop strategies and state-of-the-art systems capable of securing the systems of cyberspace by protecting it from all these cyberthreats. It is with this in mind that the International Telecommunication Union (ITU), in partnership with IMPACT and the Autorité de régulation des communications électroniques (ARCE) of Burkina, is organizing a workshop on cybersecurity from 17 to 21 May 2010.
(Source: Le Faso)
Full story
Le Faso

Tuesday, May 18, 2010
Phishing may not be the most sophisticated form of cyber crime, but it can be a lucrative trade for those who decide to make it their day jobs. Indeed, data secretly collected from an international phishing operation over 18 months suggests that criminals who pursue a career in phishing can reap millions of dollars a year, even if they only manage to snag just a few victims per scam.
Phishers often set up their fraudulent sites using ready-made “phish kits” — collections of HTML, text and images that mimic the content found at major banks and e-commerce sites. Typically, phishers stitch the kits into the fabric of hacked, legitimate sites, which they then outfit with a “backdoor” that allows them to get back into the site at any time.
(Source: Krebs on Security)
Full story
Krebs on Security
Thousands of people have paid tribute on Facebook to an Australian teenager allegedly lured to her death by a man she met on the social networking site. The body of Nona Belomesoff was found two days after she went on a trip with the man, who told her they were going to rescue injured animals, police say. A 20-year-old man has been charged with Ms Belomesoff's murder at a creek south of Sydney.
Detectives say the case reinforces the need for vigilance when using Facebook. Ms Belomesoff, 18, is believed to have befriended Christopher James Dannevig, who police say set up a fake Facebook profile in which he claimed to work for an animal welfare group.
(Source: BBC)
Full story
BBC

Friday, May 14, 2010
Researchers at Imperva have discovered an 'experimental' botnet that uses around 300 hijacked web servers to launch high-bandwidth DDoS attacks. The servers are all believed to be open to an unspecified security vulnerability that allows the attacker, who calls him or herself 'Exeman', to infect them with a tiny, 40-line PHP script. This includes a simple GUI from which the attacker can return at a later date to enter in the IP, port and duration numbers for the attack that is to be launched. But why servers in the first place? Botnets are built from PCs and rarely involve servers.
According to Imperva's CTO, Amachai Shulman, they have no antivirus software and offer high upload bandwidth, typically 10-50 times that of a consumer PC.
(Source: Networkworld)
Full story
Networkworld
For all the Twitterers who were fretting about where their followers went earlier today, fear not. They're back. Twitter engineers have corrected a bug that was messing with users' followers on Monday. To fix the problem, Twitter engineers had to reset users' followers/following numbers to zero for a while around midday, according to Twitter's Status update.
"What we really see with social networking is that for any given tool, whether it's Twitter, Facebook or any other site, there is a hard core of very active users who care a lot about any problems, changes, or interruptions. These people are very vocal and opinionated -- passionate, in other words."
(Source: ComputerWorld)
Full story
ComputerWorld

Monday, May 10, 2010
With the 2010 FIFA World Cup less than two months away, cybercriminals (as expected) are banking on this prestigious international football event to trick users. TrendLabs spotted the latest threat involving this, and it came in the form of an email message currently being spammed in the wild.
The spam carried a .PDF file attachment which was found to contain details about the lottery the recipient allegedly won. It also instructed the recipient to give out personal information and send it to the contact person or email sender before the prize could be claimed. What was interesting was that the purported sender of the email—one Mrs. Michelle Matins, Executive Vice President—was also the signatory for the 419 scam, aka the Nigeria scam.
(Source: Trend Micro)
Full story
Trend Micro
Cybersecurity needs a global rethink, and fast, Dell's CEO Michael Dell and Services CIO, Jim Stikeleather, have warned experts at the EastWest Institute Worldwide Cybersecurity Summit in the US. In separate presentations and briefings, the men developed the theme of piecemeal reactions to the rapid rise of cyber-criminality, which includes economic crime and direct threats to critical infrastructure.
Governments haven't done enough and have fallen into the trap of seeing matters in a narrow, national way. Meanwhile, the security industry has been content to sell products without asking whether security was properly embedded into the way products are developed. "Governments and private industry need to work collaboratively to develop the appropriate international framework to secure cyberspace. We should all do this in a way that keeps our global information central nervous system intact and secure," said Michael Dell.
(Source: MIS Asia)
Full story
MIS Asia

Friday, May 07, 2010
As much heat as Facebook has taken recently for its privacy policies and the freedom with which it shares data across the Web and around the world, Facebook is still not the biggest threat to online privacy--you are. A study by Consumer Reports illustrates that users are really their own worst enemy when it comes to online privacy.
Here are some of the key findings of the Consumer Reports survey:
- A projected 1.7 million online households had experienced online identity theft in the past year.
- An estimated 5.4 million online consumers submitted personal information to e-mail (phishing) scammers during the past two years.
- Among adult social network users, 38 percent had posted their full birth date, including year. Forty-five percent of those with children had posted their children's photos. And 8% had posted their own street address.
- An estimated 5.1 million online households had experienced some type of abuse on a social network in the past year, including malware infections, scams, and harassment.
(Source: PC World)
Full story
PC World
Cybersecurity experts from around the world meeting on ways to protect the Internet say they still have fears of "nightmare" scenarios in which attacks could cripple critical computer networks. "I live in a world of nightmares," Patrick Pailloux, director general of France's Network and Information Security Agency, told participants in the first Worldwide Cybersecurity Summit which ended on Wednesday. "Each subject is a nightmare: electricity, power grids, transportation, airplanes, water supply, finance, the banking system, the health system," Pailloux said.
Pailloux was among the 400 participants from 40 nations who attended the meeting hosted by the EastWest Institute think tank to come up with ways to protect the world's digital infrastructure from cyber threats. The cybersecurity experts, government officials and business leaders agreed that only global cooperation could protect computer networks under constant attack from ever mutating viruses, worms, spam and a host of other dangers.
(Source: AFP)
Full story
AFP

Tuesday, May 04, 2010
Websites operated by the US Treasury Department are redirecting visitors to websites that attempt to install malware on their PCs, a security researcher warned on Monday. The infection buries an invisible iframe in bep.treas.gov, moneyfactory.gov, and bep.gov that invokes malicious scripts from grepad.com, Roger Thompson, chief research officer of AVG Technologies, told The Register. The code was discovered late Sunday night and was active at time of writing, about 12 hours later.
To cover their tracks, the miscreants behind the compromise tailored it so it attacks only IP addresses that haven't already visited the Treasury websites. That makes it harder for white-hat hackers and law enforcement agents to track the exploit. Indeed, Thompson initially reported that the problem had been fixed, until he discovered the sites were merely skipping over laboratory PCs that had already encountered the attack.
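A defender-side check for the injection pattern described in this story, added here as an example (not code from the article or from AVG): it scans fetched HTML for iframes that are both invisible and cross-origin. The host names in the sample are constructed placeholders, and the first-visit-only behaviour noted above is why the lead comment insists that each fetch come from an address that has not already visited the site.

```python
"""Detect hidden iframes that pull content from a third-party host.

Added example, not the article's or AVG's code. It flags <iframe> tags
that are hidden (CSS, zero-pixel size, or pushed off-screen) AND point to
a host other than the page's own. Scanning is only half the job: because
the compromise described above served its payload only to IP addresses
that had not visited before, repeated fetches from the same analyst
machine see a clean page, so feed this function HTML fetched from a
fresh address each time.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
OFFSCREEN = re.compile(r"(left|top)\s*:\s*-\d{3,}px", re.I)


def _is_tiny(value):
    """True when a width/height attribute is 0 or 1 pixel."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", str(value))
    return m is not None and int(m.group(1)) <= 1


class IframeCollector(HTMLParser):
    """Collects the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append(dict(attrs))


def find_suspicious_iframes(html, page_url):
    """Return [(src, [reasons])] for iframes that are hidden and cross-origin.

    page_url is the URL the HTML was fetched from; its host decides whether
    an iframe's src points somewhere else. Relative or same-host iframes are
    ignored, as are visible cross-origin embeds.
    """
    page_host = (urlparse(page_url).hostname or "").lower()
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src") or ""
        src_host = (urlparse(src).hostname or "").lower()
        if not src_host or src_host == page_host:
            continue
        style = attrs.get("style") or ""
        reasons = []
        if HIDDEN_STYLE.search(style):
            reasons.append("hidden via CSS")
        if _is_tiny(attrs.get("width")) or _is_tiny(attrs.get("height")):
            reasons.append("zero/one pixel size")
        if OFFSCREEN.search(style):
            reasons.append("positioned off-screen")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample (placeholder hosts): one legitimate visible embed on the
# site's own host, plus two injected invisible iframes to a third-party host.
SAMPLE_HTML = """
<html><body>
<h1>Welcome</h1>
<iframe src="https://www.example.gov/video" width="640" height="360"></iframe>
<iframe src="http://malicious.example/ld.php" width="0" height="0"></iframe>
<div><iframe style="display:none" src="http://malicious.example/x.js"></iframe></div>
</body></html>
"""

if __name__ == "__main__":
    for src, reasons in find_suspicious_iframes(SAMPLE_HTML, "https://www.example.gov/"):
        print(src, "->", ", ".join(reasons))
```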
(Source: The Register)
Full story
The Register

Friday, April 30, 2010
A new research report on online government from the Pew Research Center’s Internet & American Life Project shows that citizens are searching for information in unprecedented numbers. When they visit sites, they're increasingly making transactions and participating in discussion around policies. Forty-one percent have gone online to get forms, including tax forms, health forms or student aid forms, and 35 percent have researched government documents or statistics. Roughly one-third of all Internet users reported renewing driver's licenses and auto registrations online. In general, the use of government websites for information and transactions is nearly ubiquitous among Internet users, with 82 percent of online adults surveyed reporting one of the two activities.
(Source: Pew Research Center)
Full story
Pew Research Center
European ministers are considering establishing a new agency that would tie together law enforcement agencies and other entities dedicated to fighting cybercrime. The ministers released a set of goals they'd like to achieve over time. One of those is to gain more ratifications of the Council of Europe's Cybercrime Convention, the only international treaty covering computer crime. The treaty requires countries to adopt cybercrime laws, have contacts available 24 hours a day for fast-breaking investigations and other measures. Another medium-term goal focuses on revocation of domain names and IP (Internet protocol) addresses. The document doesn't spell out exactly the ministers' objectives there, as it is already standard procedure for many ISPs to shut down Web sites linked with bad behavior. The new agency would also be tasked with forging stronger bonds between various law enforcement and other organizations that deal with cybercrime, including Europol, Eurojust, Interpol and others.
(Source: ComputerWorld)
Full story
ComputerWorld

Thursday, April 29, 2010
The German government is planning to establish a botnet cleanup helpline for computer users affected by malware infection. ISPs are teaming up with the German Federal Office for Information Security (BSI) to set up an operation geared towards cleansing consumer systems from botnet infestation. ISPs will track down infected machines, before directing users towards a website offering advice and an associated call centre, staffed by around 40.
The project, due to start in 2010, was announced on Tuesday at the German IT summit in Stuttgart. Malware in general, and botnets in particular, are a Windows ecosystem problem. Some bloggers have taken exception to the German plan, and have described it as a state funded subsidy to Microsoft, arguing that the money would be better spent offering advice on how to switch to less virus-infected systems.
(Source: The Register)
Full story
The Register

Wednesday, April 28, 2010
Attorney General of the Federation (AGF), Mohammed Bello Adoke, has called for the establishment of computer forensic laboratories across the country on either a zonal or a state basis. The AGF said that the yet-to-be-established laboratories would be federally funded and managed by a government agency designed to work closely with the military, police, paramilitary, state security service and all state and local law enforcement agencies.
The director of the Digital Evidence and Cyber Forensic Institute, Arinze Emeka, said the study of forensic analysis has become more important because of the present state of global technology. "You cannot do anything today without the use of the communication network. Before now, we have been used to the analog way of doing things. Virtually all functions of government in whatever manner they operate through the cyber space," he said.
(Source: NGR Guardian News)
Full story
NGR Guardian News
Blippy, a social networking site that allows users to share their purchases and discuss shopping with others, will revamp its security plans and hire a Chief Security Officer after an embarrassing incident in which the site accidentally published a few of its members' credit card numbers on Google.
Blippy Co-founder and CEO Ashvin Kumar said in a blog post this week that the slip-up occurred as a result of a technical oversight back in February that caused raw transaction data to appear within the HTML code on some Blippy pages for about half a day. Kumar said Blippy executives have hammered out a security plan that aims to prevent further security missteps. It includes hiring a Chief Security Officer and associated staff who will focus solely on issues relating to information security. Blippy will also undergo regular third-party infrastructure and application security audits and create a security and privacy center, in addition to other measures included in the plan.
(Source: ComputerWorld)
Full story
ComputerWorld

Tuesday, April 27, 2010
Four U.S. senators want Facebook to make it easier for its more than 400 million users to protect their privacy as the website develops new outlets to share personal information. It marks the second time in the past three days that Schumer has expressed his misgivings about a series of changes that Facebook announced last week. The new features are designed to unlock more of the data that the online hangout has accumulated about people during its six-year history.
Schumer sent a letter Sunday to the Federal Trade Commission calling for regulators to draw up clearer privacy guidelines for Facebook and other Internet social networks to follow. The political pressure threatens to deter Facebook's efforts to put its stamp on more websites, a goal that could yield more moneymaking opportunities for the privately held company. Facebook's expansion "raises new concerns for users who want to maintain control over their information," the senators wrote in their preliminary draft.
(Source: AP)
Full story
AP
This paper presents the findings from the 2nd Global Annual Symposium on DNS Security, Stability and Resiliency, conducted 1-3 February 2010 at Kyoto University in Kyoto, Japan. Program committee members chose to focus this year's conference on the theme of measuring the health of the DNS. As the entire Internet relies daily on the DNS, understanding its health – both at a given instant and as it changes over time – is critical for being able to reasonably predict the DNS's health outlook and to decide whether to take corrective measures.
The Symposium endeavored to analyze the state of understanding DNS health, the key vital signs for the DNS and how the community might approach improving measurement and assessment of DNS health.
(Source: ICANN)
Full story
ICANN

Monday, April 26, 2010
"A hacker who calls himself Kirllos has obtained and is now offering to sell 1.5 million Facebook IDs at astonishingly low prices — $25 per 1,000 IDs for users with fewer than 10 friends and $45 per 1,000 IDs for users with more than 10 friends. Looking at the numbers, Kirllos has stolen the IDs of one out of every 300 Facebook users. Quoting: 'VeriSign director of cyber intelligence Rick Howard told the New York Times that it appeared close to 700,000 had already been sold. Kirllos would have earned at least $25,000 from the scam. Howard told the newspaper that it was not apparent whether the accounts and passwords were legitimate, but a Russian underground hacking magazine reported it had tested some of Kirllos' previous samples and managed to get into people's accounts.'"
(Source: Slashdot)
Full story
Slashdot
History was made the other evening when the UK's three wannabe prime ministers took centre stage for a TV debate. This was the culmination of weeks of rehearsals, practice runs and body language training. But what if I then tell you that every mobile phone call made by one of the campaign teams preparing for this TV event was secretly recorded and analysed, enabling their rival to understand everything from the campaign strategy through to the likely rebuttal to a particular question? Illegal? Of course. Farfetched? No longer. The past few months have seen the mobile phone industry thrown into turmoil as the computer hacking community has carried out successful attacks against mobile phone call security. I wrote an article about such a hack a while back, but at that point it remained a theory rather than a practical way to listen in to mobile phone calls.
(Source: IT Director)
Full story
IT Director

Friday, April 23, 2010
Facebook brings families closer together. But as with any medium, Facebook is sometimes abused, occasionally to damaging effect. The Facebook Privacy Settings options let you control who has access to your personal information. The page includes a Block List that prevents contact with the people and e-mail addresses you specify without their knowledge.
The Safety for Parents section of the Safety Center describes what to do if your child views inappropriate content on a Facebook page, how to help a child report abusive conduct, and how to delete an account of a child under the age of 13. Much of the information in this section parrots the entries on the Safety for Teens page, but it does include links to in-depth articles by Common Sense Media on security for teens online.
(Source: CNet News)
Full story
CNet News
Attackers have begun exploiting a design flaw in Adobe's PDF format to spread the Zeus botnet, only days after the publication of a proof-of-concept exploit for the flaw, according to security researchers.
On Wednesday, researchers at M86 Security said they had discovered emails claiming to originate from Royal Mail with PDF attachments exploiting the flaw. The attachment attempts to run an executable file that installs the Zeus Trojan on a user's system. Zeus attempts to steal banking information by logging a user's keystrokes. It also attempts to make a user's system part of the Zeus botnet.
(Source: ZDNet)
Full story
ZDNet

Thursday, April 22, 2010
The government is expanding its scholarship program for students in cybersecurity fields. About 108 universities participate in the 9-year-old Scholarship for Service program, which covers up to two years of tuition in exchange for two years of federal service. More schools, including community colleges, will be added in June, White House cybersecurity coordinator Howard Schmidt said Tuesday at the Interagency Resources Management Conference.
The expansion will be announced at the annual Colloquium for Information Systems Security Education — a conference that brings together academic, government and industry cybersecurity professionals — in June in Baltimore, Schmidt said.
(Source: Federal Times)
Full story
Federal Times
Patients whose medical identities are stolen face serious lingering effects. Fraudulent healthcare events can leave erroneous data in medical records. This erroneous information, such as information about tests, diagnoses and procedures, can greatly affect future healthcare and insurance coverage and costs. Patients are often unaware of medical identity theft until a curious bill or a surprising line of questioning by a doctor exposes the issue. Then, the burden of proof is often with the patient and it can be difficult to get the patient's legitimate medical records cleaned up. The consequences can also be life threatening and can lead to serious medical errors and fatalities.
1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.
(Source: Infosec Island)
Full story
Infosec Island

Wednesday, April 21, 2010
Google is investigating a growing number of reports that hackers are breaking into legitimate Gmail accounts and then using them to send spam messages. The problem started about a week ago but seems to have escalated over the past few days.
"The Gmail team takes security very seriously and is investigating the reports we've seen in our user forums over the past few days," Google said Tuesday in an e-mailed statement. "We encourage users who suspect their accounts have been compromised to immediately change their passwords and to follow the advice at the following page: http://www.google.com/help/security/." Gmail accounts are often compromised after phishing attempts or via malicious programs, which can seek out and log online credentials from a hacked computer.
(Source: ComputerWorld)
Full story
ComputerWorld
Text messaging rises sharply among teens and is now their most frequent form of communication with friends. 72% of those ages 12-17 now are texters and the average young text user exchanges 1,500 texts per month.
Cell phones are a mixed blessing to American families, bringing safety and connection along with disruption and irritation. Daily text messaging among American teens has shot up in the past 18 months, from 38% of teens texting friends daily in February 2008 to 54% of teens texting daily in September 2009. In fact, text messaging has become the most frequent way that teens reach their friends, surpassing face-to-face meetings, email, instant messaging and voice calling as a daily communications tool. However, cell phone calling is still the preferred mode that teens use to connect with their parents.
(Source: Pew Research Center)
Full story
Pew Research Center

Tuesday, April 20, 2010
A new type of malware infects PCs using file-share sites and publishes the user's net history on a public website before demanding a fee for its removal. The Japanese trojan virus installs itself on computers using a popular file-share service called Winni, used by up to 200m people. It targets those downloading illegal copies of games in the Hentai genre, an explicit form of anime. Website Yomiuri claims that 5500 people have so far admitted to being infected.
"If you find you are getting pop-ups demanding payments to settle copyright infringement lawsuits, ignore them and use a free online anti-malware scanner immediately to check for malware," said Mr Ferguson.
(Source: BBC)
Full story
BBC
Police hunting a hacker who had attacked a US school's systems found themselves cornering a "very intelligent" 9 year old instead, it has emerged. When passwords for teachers at Spring Hill Elementary, Virginia, were changed without authorisation the school board initially thought a hacker had broken into the school district's Blackboard system. Police were called in to investigate in mid-March and were quickly able to trace the incident back to a PC at the home of a 9 year-old school student.
The youngster's mother was initially the chief suspect in the hack, but after speaking to her and her son police came to the surprising conclusion that they were dealing with a 'kindergarten' hacker.
(Source: The Register)
Full story
The Register

Monday, April 19, 2010
A computer security researcher has released a plugin for Firefox that provides a wealth of data on Web sites that may have been compromised with malicious code. The plugin, called Fireshark, was released on Wednesday at the Black Hat conference. The open-source free tool is designed to address the shortcomings in other programs used to analyze malicious Web sites, said Stephan Chenette, a principal security researcher at Websense, which lets Chenette develop Fireshark in the course of his job. Hackers often target legitimate Web sites with code that can either infect a machine with malicious software or redirect a user to a bad Web page.
(Source: InfoWorld)
Full story
InfoWorld
Is it cyberbullying if kids post mean comments and then say they were "just joking"? Is it wrong for a boy to pressure his girlfriend to send racy text messages? For teenagers, these questions don't necessarily have clear answers. MTV is trying to get teens themselves to support each other in standing up to behavior that crosses over into "digital abuse", the use of technologies such as texting and social networking to bully, harass and intimidate people.
The network introduced a new online tool called Over the Line this week that allows young people to post about their problem and have peers say whether the behavior is acceptable. The posts and comments are moderated, to make sure bullying doesn’t become a problem in the tool itself.
(Source: The Wall Street Journal)
Full story
The Wall Street Journal

Friday, April 16, 2010
The report, from researchers at the University of California, Berkeley and the University of Pennsylvania, is among the first quantitative studies looking at young people's attitudes toward privacy as government officials and corporate executives alike increasingly grapple with such issues.
Among the findings:
• Most people — 86 percent — believe that anyone who posts a photo or video of them on the Internet should get their permission first, even if that photo was taken in public. Among young adults 18 to 24, 84 percent agreed — not far from the 90 percent among those 45 to 54.
• Forty percent of adults ages 18 to 24 believe executives should face jail time if their company uses someone's personal information illegally — the same as the response among those 35 to 44 years old.
(Source: AP)
Full story
AP
Africa's spending on IT security has risen and is expected to continue growing as more people access affordable connectivity and companies embrace smartphones and social media in workplaces. According to IDC, Africa's IT spending is high compared to GDP, with South Africa leading with IT security spending of 3.8 percent of its GDP. Mauritius and Morocco spend 1.1 percent of GDP on IT security, while Egypt, Kenya, Nigeria, Tanzania and Ethiopia spend less than 1 percent.
"The focus from criminals is to steal data and monetize that; they blend their attacks across multiple vectors; URL lists and signature based security mechanisms cannot keep up with zero-day threats," said Mike Hibbert, director for Websense in Africa.
(Source: IDG Magazines)
Full story
IDG Magazines

Thursday, April 15, 2010
Microsoft today patched 25 vulnerabilities in Windows, Exchange and Office, including nine marked "critical," the company's highest threat ranking. But researchers were unanimous in urging users to immediately apply two of the 11 updates, which address major bugs in Windows Media Player and an important video file format, to block drive-by attacks that will quickly spread on the Web.
The patches also fixed eight flaws pegged as "important," the next-lowest step in Microsoft's four-stage scoring system, and another eight tagged as "moderate." Five of today's 11 update packages were marked critical, while five were labeled important and the remaining one as moderate. Security experts directed users' attention to a pair of updates that addressed issues in Windows' media infrastructure.
(Source: ComputerWorld)
Full story
ComputerWorld
Facebook is employing aggressive legal means in combination with technical measures in order to stop hackers from abusing its social-networking site, according to its chief security officer, Max Kelly. The company is constantly under fire from hackers trying to spam its 400 million registered users, harvest their data or run other scams. Facebook's security team started off with just a few people, said Kelly, who began working at Facebook in 2005 after a stint as an FBI computer forensic analyst.
As many as 10% of Facebook's 1,200 employees are involved in security-related functions for the site, Kelly said. Its core security team consists of 20 people, a site integrity team of around 15 people and 200 others who are part of a user operations team that monitors illegal activity.
(Source: ComputerWorld)
Full story
ComputerWorld

Wednesday, April 14, 2010
Two senators yesterday introduced a bill that seeks to build a multilateral framework to mitigate and respond to disruptive cyber attacks.
The bill, sponsored by Sens. John Kerry, D-Mass., and Kirsten Gillibrand, D-N.Y., would create an ambassador-rank coordinator position at the State Department that would advise the secretary of State on international cyberspace and cybersecurity issues. The coordinator would promote development of a strategy for international cyber engagement, including considering the utility of negotiating a multilateral framework that would provide internationally acceptable principles to mitigate cyberwarfare.
(Source: Federal Times)
Full story
Federal Times
Cell phones, texting, IM, e-mail, Facebook, MySpace -- kids are interconnected today in ways hardly imagined two decades ago. But these technology-based communication platforms also enable new forms of an age-old parenting strategy: monitoring your kids.
Is it any easier to put the proper measures in place to ensure your child's security when you already have expertise in this area? Or do you go overboard because you are hyperattuned to risk? And what is the right balance of freedom and guidance to provide for kids? It turns out this was a tricky issue before social networking, and it remains tricky now. Here are views and strategies collected from an array of security professionals.
(Source: ComputerWorld)
Full story
ComputerWorld

Tuesday, April 13, 2010
A British child protection agency said it has pressed Facebook to add "panic buttons" to its pages after the murder of a teenager was linked to the site. Jim Gamble, chief executive of the Child Exploitation and Online Protection Centre (CEOP), said the social networking giant did not agree to his demands outright at a meeting in Washington but he felt they were moving in the right direction. Speaking after a four-hour meeting Monday, Gamble said Facebook was close to "doing the right thing" but urged the website to turn "words into action."
Calls have since grown for the inclusion of the buttons -- which allow youngsters who feel threatened online to quickly contact a number of sources of help, such as CEOP or anti-bullying helplines. Politicians, police and anti-bullying groups have voiced outrage that the online giant will not bow to demands to include the system.
(Source: AFP)
Full story
AFP

Monday, April 12, 2010
The case of a teenager in Massachusetts who killed herself after a relentless, months-long bullying campaign shows how the common schoolyard behavior is evolving in dangerous new ways online.
Six students face felony charges in the death of Phoebe Prince, 15, who hanged herself in January after being subjected to verbal assault and threats of physical harm. Some harassment occurred online on Facebook, in text messages and in other high-tech forms, a contemporary development in the age-old practice, experts said.
(Source: Reuters)
Full story
Reuters
In a decision that could set new ground rules for Internet privacy in the workplace, New Jersey's Supreme Court has ruled an employer was wrong in retrieving e-mails between a former employee and her attorney, even though they were sent from a company computer.
"Courts are looking more closely at privacy claims in the digital workplace," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a Washington, D.C.-based public-interest research group. "Just because a person is using a company computer doesn't mean they leave all their rights to privacy at the door."
(Source: AP)
Full story
AP

Thursday, April 08, 2010
Suing your parents isn't just for celebrities anymore--a 16-year-old Arkansas boy is suing his mother for hacking into his Facebook account and allegedly posting slanderous remarks. ATV-TV reports that Denise New of Arkadelphia is facing harassment charges from her 16-year-old. Her son, who lives with his grandmother, also requested a no-contact order. Prior to this issue, New and her son reportedly had a "great relationship," despite their living arrangements.
According to the boy, his mother hacked into his Facebook and email accounts, then changed both passwords. She also allegedly posted remarks that involved slander and information about his personal life. New admits to changing the passwords, but denies hacking--she claims he left his account logged in on her computer.
(Source: PC World)
Full story
PC World

Tuesday, April 06, 2010
Link-shortening services such as TinyURL seem ideal for criminals because they can disguise the names of malicious sites. Yet on Twitter — one of the most popular places for them — they may not be nearly as malicious as many industry experts fear, according to new security research. Zscaler Inc., a company that sells security services, studied 1.3 million shortened links taken from Twitter over two weeks, before Twitter began in early March to examine such links for malicious content.
Just 773 of those links — a mere 0.06 percent — led to malicious content. Link-shortening services convert long Web addresses into shorter ones. They have become more popular as people spend more time on social-networking sites and share with their friends links to photos, news articles and other tidbits. They are especially important on Twitter, which restricts its posts to 140 characters.
(Source: AP)
Full story
AP

Friday, March 26, 2010
One of the world's most notorious computer hackers was sentenced to 20 years in prison on Thursday after he pleaded guilty to helping run a global ring that stole tens of millions of payment card numbers. Albert Gonzalez, a 28-year-old college dropout from Miami, had confessed to helping lead a ring that stole more than 40 million payment card numbers by breaking into retailers including TJX Cos Inc, BJ's Wholesale Club Inc and Barnes & Noble.
It was the harshest sentence ever handed down for a computer crime in an American court, said Mark Rasch, former head of the computer crimes unit at the U.S. Department of Justice. Gonzalez and conspirators scattered across the globe caused some $200 million in damages to those businesses, said Assistant U.S. Attorney Stephen Heymann.
(Source: Reuters)
Full story
Reuters

Thursday, March 25, 2010
Four countries and two territories have won preliminary approval to have Internet addresses written entirely in their native scripts as early as this summer.
Rules are being developed to make sure that addresses in either script go to the same Web sites. Since their creation in the 1980s, Internet domain names such as those that end in ".com" have been limited to 37 characters: the 10 numerals, the hyphen and the 26 letters in the Latin alphabet used in English. Technical tricks have been used to allow portions of the Internet address to use other scripts, but until now, the suffix had to use those 37 characters.
(Source: AP)
Full story
AP
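The entry above notes that domain suffixes were limited to 37 characters (10 digits, the hyphen and 26 Latin letters) and that "technical tricks" already let other scripts appear in part of an address. As an added illustration written for this digest (not code from the AP story), the following Python checks a label against that LDH repertoire and converts a non-Latin label into the Punycode "A-label" (the `xn--` form) that travels over the LDH-only infrastructure, using Python's built-in `idna` codec. The sample domain names are constructed for the example.

```python
import string

# The 37-character LDH repertoire the entry describes: 26 Latin letters
# (case-insensitive), 10 digits and the hyphen.
LDH_CHARS = frozenset(string.ascii_letters + string.digits + "-")


def is_ldh_label(label: str) -> bool:
    """True if `label` is a traditional hostname label: 1-63 characters,
    only LDH characters, and no leading or trailing hyphen."""
    if not 1 <= len(label) <= 63:
        return False
    if not set(label) <= LDH_CHARS:
        return False
    return not (label.startswith("-") or label.endswith("-"))


def to_ascii_label(label: str) -> str:
    """Return one label in ASCII form.

    Plain LDH labels are lower-cased. Anything else is turned into its
    Punycode A-label ("xn--" prefix) by Python's built-in IDNA codec.
    Assumption to flag: that codec implements IDNA 2003; registries today
    use IDNA 2008, which treats a few characters (e.g. German sharp s)
    differently, so production code should use a current IDNA library."""
    if is_ldh_label(label):
        return label.lower()
    ascii_label = label.encode("idna").decode("ascii")
    if not is_ldh_label(ascii_label):
        raise ValueError(f"cannot represent label {label!r} in LDH form")
    return ascii_label


def to_ascii_domain(domain: str) -> str:
    """Convert a whole domain name, label by label, to its LDH-only form."""
    return ".".join(to_ascii_label(part) for part in domain.split("."))


def to_unicode_domain(domain: str) -> str:
    """Reverse direction: decode any xn-- labels back to their Unicode form."""
    return domain.encode("ascii").decode("idna")


def idn_labels(domain: str) -> list:
    """Labels of an ASCII-form domain that carry non-LDH content.
    Useful in logs and review queues: the xn-- form makes an
    internationalised label visible even when its Unicode rendering
    would look like an ordinary Latin-script name."""
    return [part for part in domain.lower().split(".") if part.startswith("xn--")]


if __name__ == "__main__":
    # Constructed sample names, not taken from the article.
    for name in ["Example.COM", "münchen.example", "bücher.example"]:
        a_form = to_ascii_domain(name)
        print(f"{name:18} -> {a_form:26} -> {to_unicode_domain(a_form)}  idn={idn_labels(a_form)}")
```

The round trip shows why the wire form stays within the 37 characters: the registry and resolvers only ever see `xn--mnchen-3ya.example`, and the browser reconstructs `münchen.example` for display. Logging the `xn--` form rather than the rendered name is the simple defensive habit that keeps internationalised labels recognisable to reviewers.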

Wednesday, March 24, 2010
Countries in Asia now face the same level and type of sophisticated cyber attack as countries in the West, according to a new report from non-profit US cyber-crime research organisation Team Cymru.
"We would expect to see high concentrations of compromised machines in areas with high concentrations of Internet saturation and urban population," said Team Cymru director, global outreach, and former Scotland Yard detective, Steve Santorelli.
(Source: IDG Connect)
Full story
IDG Connect

Tuesday, March 23, 2010
International police agency Interpol launched Monday a "most wanted" site for suspected child sex offenders across the Group of Eight (G8) most industrialised nations. The "G8 Wanted Child Sex Offender" site, accessible via Interpol's homepage (www.interpol.int), draws together information from G8 members the United States, Canada, Britain, France, Germany, Italy, Japan and Russia.
It includes photographs of people wanted on charges of abuse and enables the public to access information about how to report missing sex offenders who may have crossed borders.
(Source: AFP)
Full story
AFP

Monday, March 22, 2010
In a bid to cut down on fraud and inappropriate content, the organization responsible for administering Russia's .ru top-level domain names is tightening its procedures. Starting April 1, anyone who registers a .ru domain will need to provide a copy of their passport or, for businesses, legal registration papers.
Loopholes in the domain name system help spammers, scammers and operators of pornographic Web sites to avoid detection on the Internet by concealing their identity. Criminals often play a cat-and-mouse game with law enforcement and security experts, popping up on different domains as soon as their malicious servers are identified. Criminals in eastern Europe have used .ru domains for a while, registering domain names under fake identities and using them to send spam or set up command-and-control servers to send instructions to networks of hacked computers.
(Source: PC World)
Full story
PC World

Friday, March 19, 2010
Hollywood and Bollywood linked arms Thursday to fight piracy, with the announcement of a coalition among the Motion Picture Association of America and seven Indian companies to tackle counterfeiting in one of the world's largest film markets.
The alliance comes as Hollywood tries to tap global markets more aggressively and as Indian movie studios grow in size and stature — narrowing the gap between Indian and U.S. filmmakers, who have not always seen eye-to-eye on intellectual property issues. A year in the making, the coalition to fight film piracy in India will work with movie theaters to crack down on camcorder piracy — the source of 90 percent of all pirated DVDs — with police to tighten enforcement, with Internet service providers to fight Internet piracy and with politicians to create more effective laws.
(Source: AP)
Full story
AP

Thursday, March 18, 2010
Spam levels have not been dented by a series of strikes against controllers of networks of hijacked computers. Early 2010 has seen four such networks, or botnets, tackled via arrests, net access cutoffs and by infiltrating command systems. The successes have not inconvenienced hi-tech criminals who found other routes to send spam, say experts. And, they add, despite falling response rates, spam remains too lucrative for criminals to abandon.
"Most non-commercial spam these days is aimed solely to get you to click on a link, even out of curiosity," he said. "As soon as you click on that link, you're infected, most likely to become yet another botnet victim, have your identity and information stolen and go on to participate, all unknowingly in the infection of further victims."
(Source: BBC)
Full story
BBC

Monday, March 15, 2010
The government has added fresh resources to the fight against cybercrime with the launch of a £4.3m programme to help combat fraud, estimated to cost UK consumers £3.5bn per year. The programme, which aims to take down scam websites, was launched by the Department for Business, Innovation and Skills this week. Under the scheme, up to 300 of the UK's approximately 3,000 existing trading standards officers will receive "intermediate" level training in tackling cybercrime.
In addition, a new cyber enforcement team within the Office of Fair Trading (OFT) will be set up. The team will lead investigations into websites selling fake or non-existent goods, tickets or services online, and will have an attached digital forensics lab that will be available to all OFT staff.
(Source: Silicon)
Full story
Silicon

Friday, March 12, 2010
Reporters Without Borders issued its third annual report ahead of Friday's World Day Against Cyber Censorship, an awareness campaign organized by the Paris-based media advocacy group. Countries on its "Enemies of the Internet" list got more sophisticated at censorship and at overcoming dissidents' attempts to communicate online, said Reporters Without Borders' Washington director, Clothilde Le Coz. Le Coz said repressive regimes seemed to be winning a technological tussle with dissidents who try to circumvent online restrictions.
Among the companies mentioned is Cisco Systems Inc., which has been criticized by activists who say that it sells networking equipment that could be used in official efforts to monitor and control Internet use. In a statement Thursday, the company reiterated that it does not provide any government with any special capabilities, and said products sold in China are the same ones sold elsewhere.
(Source: AP)
Full story
AP

Thursday, March 11, 2010
Fraudsters are continuing their switch from traditional card fraud to raiding online bank accounts, according to new research. Fraud losses on UK credit and debit cards totalled £440m in 2009 - a drop of 28% compared with the previous year - the UK Cards Association said. But the number of "phishing" attacks rose by 16% in the same period. This is when fraudsters trick people into entering their personal details on a website or in an e-mail.
Overall losses from card fraud fell last year. Chip-and-pin was highlighted as the major factor behind an 11% fall in fraud on lost and stolen cards - now at its lowest for two decades.
(Source: BBC)
Full story
BBC

Wednesday, March 10, 2010
Twitter launched a new link-screening service on Tuesday aimed at preventing phishing and other malicious attacks against users of the popular microblogging service.
Phishing scams on Twitter usually involve attackers trying to obtain the login credentials of Twitter users, and then sending spam messages from the stolen accounts in a bid to make money, Twitter said on its blog last month. Twitter also fights phishing scams by watching for affected accounts and resetting passwords, it said. Phishing attacks ballooned on Twitter last year as the service grew in popularity. Twitter's new link-screening service comes after it last year started using Google's Safe Browsing API to check for malicious content in links posted by users.
(Source: PC World)
Full story
PC World

Tuesday, March 09, 2010
The Internet was built on freedom of expression. Society wants someone held accountable when that freedom is abused. And major Internet companies like Google and Facebook are finding themselves caught between those ideals. Such may have been the case when three Google executives were convicted in Milan, Italy on February 24 over a bullying video posted on the site -- a verdict greeted with horror by online activists, who fear it could open the gates to such prosecutions and ultimately destroy the Internet itself.
Matt Sucherman, a Google vice president and general counsel, wrote in a blog post that the company was "deeply troubled" by the case, saying it "attacks the very principles of freedom on which the Internet is built."
(Source: Reuters)
Full story
Reuters

Monday, March 08, 2010
This three-day event fosters opportunities for IT and telecommunication professionals to network, build relationships, and explore new ideas. It brings together IT professionals, developers, decision and policy makers, government officials, experts, consultants, industry leaders, bankers, law enforcement officials, academics, network security managers, database administrators, IT marketing executives, surveyors and others to share their experience in IT security and to exchange ideas on emerging technology trends, applications and practices.
Kuwait ICT Security Forum aims to keep you at the forefront of the latest security developments. Don't miss this opportunity to learn fresh approaches and develop innovative strategies and tactics to defeat today's biggest information security threats.
(Source: Kuwait ICT Security Forum)
Full story
Kuwait ICT Security Forum

Friday, March 05, 2010
Hackers breaking into businesses and government agencies with targeted attacks have not only stolen intellectual property, in some cases they have corrupted data too, the head of the U.S. Federal Bureau of Investigation said Thursday. The United States has been under assault from these targeted spear-phishing attacks for years, but they received mainstream attention in January, when Google admitted that it had been hit and threatened to pull its business out of China -- the presumed source of the attack -- as a result.
Researchers investigating the Google attack -- thought to have affected at least 100 companies including Intel, Adobe and Symantec -- say that prime targets of the hackers were the source code management systems used by software developers to build code.
(Source: PC World)
Full story
PC World

Wednesday, March 03, 2010
Authorities have smashed one of the world's biggest networks of virus-infected computers, a data vacuum that stole credit cards and online banking credentials from as many as 12.7 million poisoned PCs. The "botnet" of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks, according to investigators.
Spanish investigators, working with private computer-security firms, have arrested the three alleged ringleaders of the so-called Mariposa botnet, which appeared in December 2008 and grew into one of the biggest weapons of cybercrime. More arrests are expected soon in other countries.
(Source: The New Zealand Herald)
Full story
The New Zealand Herald

Tuesday, March 02, 2010
Four California men were charged on Monday with using sophisticated computer programs to fraudulently obtain more than a million tickets to concerts and sporting events and reselling them for a profit estimated at $29 million.
Their company, Wiseguy, was able to snap up the best seats as soon as they were made available online because its programs completed transactions more quickly than real humans vying for tickets manually. For example, Fishman said, Wiseguy bought nearly half of the 440 available floor tickets for a Bruce Springsteen concert at Giants Stadium in 2008. In most cases, individual buyers are restricted to a maximum of four tickets.
(Source: AP)
Full story
AP

Friday, February 26, 2010
Security experts are split over the effectiveness of Microsoft's efforts to shut down a network of PCs that could send 1.5 billion spam messages a day. The firm persuaded a US judge to issue a court order to cripple 277 internet domains used by the Waledac botnet. Botnets are usually armies of hijacked Windows PCs that send spam or malware. "We aim to be more proactive in going after botnets to help protect the internet," said Richard Boscovich, the head of Microsoft's digital crime unit.
Security firm Symantec has estimated that over 80% of unsolicited e-mail comes from botnets.
(Source: BBC)
Full story
BBC

Thursday, February 25, 2010
International Women's Day (8 March) will once again provide the European Commission with an occasion to address the role of women in the ICT sector. This year, however, substantive changes have been made to the format of the event, starting with the location: Cyprus. The intention is to move the discussion to Member States that have only recently joined the European Union, where women's potential is particularly untapped and where fresh ideas could bloom. This year the debate on women and ICT will be embedded in a broader initiative encompassing other ICT-related issues. The event will comprise workshops targeting women who want to set up consortia and submit proposals for future calls.
(Source: Europe's Information Society)
Full story
European Commission

Wednesday, February 24, 2010
Intel was the victim of a cyber attack similar to the one experienced by Google, the company revealed Monday. "We regularly face attempts by others to gain unauthorized access through the Internet to our information technology systems," Intel said in regulatory filings posted by The New York Times. "One recent and sophisticated incident occurred in January 2010 around the same time as the recently publicized security incident reported by Google."
Attacks have included people who masqueraded as authorized users or those who used "surreptitious introduction of software," Intel said. "These attempts, which might be the result of industrial or other espionage, or actions by hackers seeking to harm the company, its products, or end users, are sometimes successful."
(Source: PC Magazine)
Full story
PC Magazine
China has issued new restrictions on Internet use, requiring those wanting to set up a website to meet regulators and provide identity documents, in a move slammed Wednesday by one rights group. The new rules come as the United States has stepped up pressure on Beijing to break down its vast system of web controls -- the so-called "Great Firewall of China" -- for the more than 380 million people now online in the country.
Washington issued those calls after US Internet giant Google said last month it was considering pulling out of China over cyberattacks and Chinese government censorship of its search results. China's Ministry of Industry and Information Technology issued the new guidelines to local authorities on February 8 and lifted a ban imposed in December on individuals acquiring .cn domain names, state media said Tuesday.
(Source: AFP)
Full story
AFP

Monday, February 22, 2010
There are two aspects you have to consider when negotiating security and privacy with a service provider. First, you have to have the correct principles encoded in your contract. Second, you have to worry about how well they are executed by the provider. If you read most service contracts you will see that "law enforcement assistance" sections are usually vague. It is up to you to negotiate terms that address key issues of data protection and safeguard your rights:
* Demand that law enforcement requests are properly documented. Show me the warrant. A phone call from agent Bob at headquarters is not a warrant.
* Demand that you are notified of any requests that may affect your data. You have the right to contest warrants in court and most corporations do contest them.
* Demand that each data access request, whether granted or not, is documented.
(Source: ComputerWorld)
Full story
ComputerWorld
An online survey of 895 Web users and experts found more than three-quarters believe the Internet will make people smarter in the next 10 years, according to results released on Friday. Most of the respondents also said the Internet would improve reading and writing by 2020, according to the study, conducted by the Imagining the Internet Center at Elon University in North Carolina and the Pew Internet and American Life project.
"Three out of four experts said our use of the Internet enhances and augments human intelligence, and two-thirds said use of the Internet has improved reading, writing and the rendering of knowledge," said study co-author Janna Anderson, director of the Imagining the Internet Center.
(Source: Reuters)
Full story
Reuters

Friday, February 19, 2010
A former security researcher turned criminal hacker has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers.
Max Ray Butler, who used the hacker pseudonym Iceman, was sentenced Friday morning in U.S. District Court in Pittsburgh on charges of wire fraud and identity theft. In addition to his 13-year sentence, Butler will face five years of supervised release and must pay US$27.5 million in restitution to his victims, according to Assistant U.S. Attorney Luke Dembosky, who prosecuted the case for the federal government. Dembosky believes the 13 year sentence is the longest-ever handed down for hacking charges.
(Source: ComputerWorld)
Full story
ComputerWorld

Thursday, February 18, 2010
A newly identified botnet has compromised almost 75,000 computers in 2,500 organizations around the world, including user accounts on popular social networking sites, according to Internet security firm NetWitness. The malware, known as the "Kneber botnet", gathers login credentials for online financial systems, social networking sites and email systems from infected computers and reports the information back to the attackers, NetWitness said in a statement.
A botnet is an army of infected computers that hackers can control from a central machine. The company said the attack was first discovered in January during a routine deployment of NetWitness software.
(Source: Reuters)
Full story
Reuters

Wednesday, February 17, 2010
A common Web programming error could give hackers a way to take over Google Buzz accounts, a security expert said Tuesday. The flaw is a "medium-sized problem" with the Buzz for Mobile Web site, said Robert Hansen, CEO of SecTheory, who first reported the issue. This type of Web programming error, called a cross-site scripting flaw, lets the attacker put his own scripting code into Web pages that belong to trusted Web sites such as Google.com. It is a fairly common flaw but one that can have major consequences when exploited on widely used Web sites.
The attacker "can force you to say things you don't want to say, to follow people," he said. "Whatever Google Buzz allows you to do, it allows him to do to you."
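The article describes the flaw only in general terms. The following is an added example, not code from Google Buzz or from SecTheory, of the programming error in question: a page that splices a request parameter straight into its HTML, beside the escaped version. The function names, the sample payload and the `safeHref` check are assumptions made for illustration.

```javascript
// Added example (not from the original page): a minimal reflected
// cross-site scripting bug and its fix. Function names and payload are
// illustrative assumptions, not anything from the Buzz for Mobile site.

// VULNERABLE: the untrusted query value is placed directly into the markup.
// A link such as ?q=<script>...</script> makes the victim's browser run the
// attacker's script in the site's origin, with the victim's session, which
// is what lets the attacker post or follow on the victim's behalf.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// FIX: encode every character that can change HTML structure before the
// value is inserted into a text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Caveat a practitioner needs: escaping does not make a URL safe to use as
// an href. "javascript:alert(1)" contains nothing that escapeHtml changes,
// so the scheme must be checked separately. Only http(s) URLs are allowed
// here; anything else is replaced by a harmless fragment link.
function safeHref(url) {
  const trimmed = String(url).trim();
  return /^https?:\/\//i.test(trimmed) ? trimmed : '#';
}

// Attribute context: the attribute is double-quoted AND the value is
// escaped, so neither a quote nor a tag in the input can break out.
function renderLinkSafe(text, href) {
  return `<a href="${escapeHtml(safeHref(href))}">${escapeHtml(text)}</a>`;
}
```

The two render functions differ by one call, which is why this class of bug is so common: the fix is easy, but it has to be applied at every point where untrusted data meets markup, and the right encoding depends on the context (text node, attribute, URL, script) the data lands in.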
(Source: PC World)
Full story
PC World

Monday, February 15, 2010
A man has appeared before magistrates in Truro charged with four sex offences following an investigation into children being groomed on the internet. Michael Williams, 28, of Tresooth Lane, Penryn, was charged with sexual assault and grooming a girl under 16 and two counts of making indecent images. The inquiry centres around pupils from Falmouth School and Penryn College. Mr Williams, who was remanded in custody, is not a teacher and is not directly connected with the schools. Letters have been sent to parents of pupils at Falmouth School and Penryn College informing them of the investigation.
(Source: BBC)
Full story
BBC
Former top US intelligence officials will become cyberwarriors on Tuesday in a simulation of how the US government would respond to a massive cyberattack on the United States. "The scenario itself is secret," said Eileen McMenamin, vice president of communications for the Bipartisan Policy Center (BPC), which is hosting the event dubbed "Cyber ShockWave." "The participants don't even know what it is," McMenamin told AFP. "None of them know what's going to transpire."
Former president George W. Bush's Homeland Security chief Michael Chertoff will play the role of National Security Advisor to the president while former Director of National Intelligence John Negroponte will be Secretary of State.
(Source: AFP)
Full story
AFP

Friday, February 12, 2010
50% of European teenagers give out personal information on the web – according to an EU study – which can remain online forever and can be seen by anybody. Today, Safer Internet Day, the European Commission is passing a message to teenagers: "Think before you post!" It welcomed actions to protect children using social networking websites taken by the 20 companies who signed the Safer Social Networking Principles last year (IP/09/232 ).
Most of these companies have empowered minors to tackle online risks by making it easier to change privacy settings, block users or delete unwanted comments and content. Yet more needs to be done to protect children online, the Commission says. Less than half of social networking companies (40%) make profiles of under-18 users visible only to their friends by default and only one third replied to user reports asking for help.
(Source: Europa)
Full story
Europa

Thursday, February 11, 2010
The government has called on the mobile phone industry to do more to protect handset owners against theft. Alan Campbell, Minister for Crime Prevention, said firms "have a social and a corporate responsibility to tackle crime". Around 2% of British mobile phone users report they have suffered a theft in the last year, although for teenagers the figure is three times higher.
The government's call comes as the Home Office unveiled the winning designs in a crime prevention contest, aimed at making mobile phones less attractive to thieves. Designs included an alarm that sounds when a phone is too far from its owner and locks the handset.
(Source: BBC)
Full story
BBC

Tuesday, February 09, 2010
Deep inside millions of computers is a digital Fort Knox, a special chip with the locks to highly guarded secrets, including classified government reports and confidential business plans. Now a former U.S. Army computer-security specialist has devised a way to break those locks.
The attack can force heavily secured computers to spill documents that likely were presumed to be safe. This discovery shows one way that spies and other richly financed attackers can acquire military and trade secrets, and comes as worries about state-sponsored computer espionage intensify, underscored by recent hacking attacks on Google Inc.
(Source: AP)
Full story
AP

Monday, February 08, 2010
China has closed what it claims to be the largest hacker training website in the country and arrested three of its members, domestic media reported on Monday.
The "Black Hawk Safety Net" website taught hacking techniques and provided malicious software downloads for its 12,000 members in exchange for a fee, the Wuhan Evening News newspaper reported this weekend, citing police in Huanggang, just east of Wuhan.
(Source: Reuters)
Full story
Reuters

Thursday, February 04, 2010
Twitter required some users to reset their passwords on Tuesday after discovering that their log-in information may have been harvested via security-compromised torrent Web sites, the company said.
For years, a malicious hacker has been setting up file-sharing torrent sites that appear legitimate and then selling them to well-meaning buyers who want to own their own download site, explained Del Harvey, Twitter's director of trust and safety, in a blog post. However, the sites are riddled with malware and backdoors that allow the malicious hacker to steal log-in credentials -- like e-mail addresses, usernames and passwords -- from users who sign up for them.
(Source: ComputerWorld)
Full story
ComputerWorld

Tuesday, February 02, 2010
Facebook and Twitter users are under attack by cybercriminals -- and the incidents are rising, Sophos says in its 2010 Security Threat Report released Monday. In the past 12 months, Sophos says, cybercriminals have focused more attacks on social-network users. Spam and malware are leading the charge.
Fifty-seven percent of users surveyed reported getting spammed via social-networking sites -- an increase of 70.6 percent from 2008. And 36 percent say they have been sent malware via social-networking sites, a 69.8 percent increase.
(Source: NewsFactor Network)
Full story
NewsFactor Network

Thursday, January 28, 2010
China will gradually move to cut censorship of the Internet, but it will take a long time, the man credited with inventing the World Wide Web said Wednesday.
Commenting on Google's threat to pull out of China, Tim Berners-Lee said Beijing was having to move "carefully" in opening up the Internet, but said the "genie is out of the bottle" in terms of access. "I think that openness increases steadily. Every time you open it the genie comes out of the bottle and it's very difficult to put it (back) in the bottle," he told AFP. Speaking on the sidelines of the World Economic Forum (WEF) annual meeting in Davos, Switzerland, he said: "The Internet has a tradition of bit by bit increasing openness."
(Source: AFP)
Full story
AFP

Wednesday, January 27, 2010
The design of the future German identity card has been unveiled. Credit-card sized and made of polycarbonate, it will be issued from November 2010 on. The new card aims to ease the citizens' transactions with government and businesses and to increase security as well as to enhance public confidence in electronic services.
The front side bears the image of the federal eagle, while the reverse depicts the Brandenburg Gate. The new card contains numerous security features to increase protection against forgery. A special feature is that the holder's details are stored digitally on the card. It can also carry a digital signature. Both features will allow card holders to complete commercial online transactions as well as official business with government offices.
(Source: eGov Monitor)
Full story
eGov Monitor

Tuesday, January 26, 2010
If you have thousands of friends on Facebook, most of them are not your real friends, reports The Sunday Times of London.
According to a recent study by Oxford University professor of Evolutionary Anthropology Robin Dunbar, a human brain is limited to keeping up with about 150 meaningful relationships, regardless of how many Facebook friends you might have. This is in line with Dunbar's earlier research on the matter, in which he concludes that there exists a theoretical "sweet spot" for the number of relationships a human can effectively manage. Throughout history, people have formed social groupings of about 150, as larger groupings quickly begin to deteriorate and lose social cohesion.
(Source: PC World)
Full story
PC World

Monday, January 25, 2010
The 'Health-e-Space' website has gone online in Moray, Scotland, aiming to encourage individuals to play an active role in personal health matters by providing them with a series of online tools and information.
The website allows anybody living in Moray to become a member and to obtain local health information, links to recommended websites and suggestions on how to live with health conditions. Its sister website, the 'Health-e-Space Community', serves as a social networking platform for people in the Moray area to share their health concerns and experiences with one another.
(Source: eGov Monitor)
Full story
eGov Monitor

Friday, January 22, 2010
Egypt, Russia, Saudi Arabia and the United Arab Emirates are the first countries to win preliminary approval for Internet addresses written entirely in their native scripts. Since their creation in the 1980s, Internet domain names have been limited to the 26 characters in the Latin alphabet used in English, as well as 10 numerals and the hyphen. Technical tricks have been used to allow portions of the Internet address to use other scripts, but until now, the suffix had to use those 37 characters.
An announcement Thursday by the Internet Corporation for Assigned Names and Numbers, known as ICANN, paves the way for an entire domain name to appear in Cyrillic or Arabic by the middle of this year. Applications for strings in other languages are pending.
(Source: AP)
Full story
AP
If Your Password Is 123456, Just Make It HackMe. Back at the dawn of the Web, the most popular account password was “12345.” Today, it’s one digit longer but hardly safer: “123456.”
Despite all the reports of Internet security breaches over the years, including the recent attacks on Google’s e-mail service, many people have reacted to the break-ins with a shrug. According to a new analysis, one out of five Web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “abc123,” “iloveyou” or even “password” to protect their data.
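As an added example, not part of the New York Times story or of the analysis it reports, here is the kind of server-side check that would reject every password the article names. The `COMMON` set is a short constructed sample standing in for a real leaked-password list; the function names are illustrative assumptions.

```javascript
// Added example (not from the original page): reject passwords that are on
// a common-password list or follow a trivially guessable pattern.
// COMMON is a constructed sample; a real deployment would load a large
// leaked-password list (and compare hashes rather than plaintext).

const COMMON = new Set([
  '123456', '12345', '123456789', 'password', 'iloveyou',
  'princess', 'rockyou', '1234567', '12345678', 'abc123',
]);

// True for runs like "123456", "abcdef" or "654321": every character is
// exactly one code point above (or below) the previous one.
function isSequential(s) {
  if (s.length < 4) return false;
  const step = s.charCodeAt(1) - s.charCodeAt(0);
  if (step !== 1 && step !== -1) return false;
  for (let i = 1; i < s.length; i++) {
    if (s.charCodeAt(i) - s.charCodeAt(i - 1) !== step) return false;
  }
  return true;
}

// True for "aaaaaa", "111111" and so on.
function isRepeated(s) {
  return s.length >= 4 && /^(.)\1+$/.test(s);
}

// Returns a list of reasons the password is weak; an empty list means it
// passed these checks. The list lookup is done on the lower-cased value so
// that "Password" does not slip past a list containing "password".
function passwordProblems(password) {
  const problems = [];
  const normalized = password.toLowerCase();
  if (password.length < 8) problems.push('too short');
  if (COMMON.has(normalized)) problems.push('in common-password list');
  if (isSequential(normalized)) problems.push('sequential characters');
  if (isRepeated(normalized)) problems.push('single repeated character');
  if (/^\d+$/.test(password)) problems.push('digits only');
  return problems;
}
```

Returning every reason rather than the first one matters in practice: an error message that explains why "123456" was rejected (too short, on the list, sequential, digits only) steers the user away from the near-identical "1234567" they would otherwise try next.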
(Source: The New York Times)
Full story
The New York Times

Thursday, January 21, 2010
For the first time, the Ministerial High Level Conference on eHealth and the World Health IT Conference and Exhibition are being held in the same week in a joint initiative called “e-Health Week 2010”, the most prestigious event in the European eHealth sector. Barcelona International Conventions Centre (CCIB) will open its doors from March 15 to 18 to receive the European meeting most attended by the healthcare sector interest groups.
March 15 will see the start of the High Level eHealth Conference, an E.U. event organised by the Spanish Presidency of the E.U., the European Commission, the Government of Catalonia and the TicSalut Foundation. The conference is presented under the motto "eHealth for sustainable healthcare: global changes through local actions".
(Source: eHealth Week)
Full story
eHealth Week
Hundreds of tech volunteers spurred to action by Haiti's killer quake are adding a new dimension to disaster relief, developing new tools and services for first responders and the public in an unprecedented effort. "It really is amazing the change in the way crisis response can be done now," said Noel Dickover, a Washington, D.C.-based organizer of the CrisisCamp tech volunteer movement, which is central to the Haiti effort. "Developers, crisis mappers and even Internet-savvy folks can actually make a difference."
Another volunteer project forged in the quake's aftermath is a cell phone text-messaging system that has helped the U.N., Red Cross and other relief groups dispatch rescuers, food and water.
(Source: AP)
Full story
AP

Wednesday, January 20, 2010
The World Economic Forum today released its study on Scaling Opportunity: Information and Communications Technology for Social Inclusion, an analysis of how ICT is evolving to address the social and economic needs of the poor. The study notes that, as 4 billion people have access to the global communications infrastructure, the opportunity to create innovative and inclusively tailored solutions for connecting the unconnected is extraordinary.
Along with highlighting the rapid adoption rate of mobile phone usage within emerging economies, the report focuses on the question: “What’s next?”
(Source: eGov Monitor)
Full story
eGov Monitor
Hackers are attacking consumers with an exploit of Internet Explorer (IE) that was allegedly used last month by the Chinese to break into Google's corporate network, a security company said Monday.
That news came on the heels of warnings by the information security agencies of the French and German governments, which recommended that IE users switch to an alternate browser, such as Firefox, Chrome, Safari or Opera, until Microsoft fixes the flaw. In a Monday alert Websense said it identified "limited public use" of the unpatched IE vulnerability in drive-by attacks against users who strayed onto malicious Web sites.
(Source: ComputerWorld)
Full story
ComputerWorld

Tuesday, January 19, 2010
A man who ran a music-sharing website with almost 200,000 members has been found not guilty of conspiracy to defraud at Teesside Crown Court. Alan Ellis, 26, was the first person in the UK to be prosecuted for illegal file-sharing. He operated the site, called Oink, from his flat in Middlesbrough from 2004 until it was closed down in a police raid in October 2007. In that time Oink facilitated the download of 21 million music files.
(Source: BBC)
Full story
BBC

Monday, January 18, 2010
The U.S. Federal Bureau of Investigation is advising people to be careful when evaluating donation programs related to the earthquake in Haiti as one security firm is already seeing scam e-mails circulate. People should apply a "critical eye" to requests for financial donations following Tuesday's earthquake in Haiti, which caused an unknown number of deaths and severe damage to the country's infrastructure.
Scam e-mails are already emerging. Symantec noted a so-called 419-style e-mail that purported to come from the British Red Cross. A 419 scam, named after the number of a statute in Nigeria's criminal code banning the practice, is one in which an e-mail or a letter implores a person to send money for some bogus reason.
(Source: ComputerWorld)
Full story
ComputerWorld

Thursday, January 14, 2010
Facebook is trying to strengthen security on its Web site with some outside help. Computer security company McAfee Inc. will now scan and repair the computers of Facebook users whose accounts have been compromised, the company said Wednesday. The scanning process will be added to the steps that Facebook already makes the users of such accounts go through if they want to reclaim their pages.
Facebook says spam and viruses affect a tiny percentage of its users. But hackers are increasingly targeting the social sites as they become a core part of the Web. Spokesman Barry Schnitt said Facebook spends a lot of time and resources to keep users' accounts secure.
(Source: AP)
Full story
AP

Wednesday, January 13, 2010
The cyber threat environment is constantly changing and becoming more challenging with every day that passes. Malware grew last year at the highest rate in 20 years. Multiple security reports showed that more than 25 million new strains of malware were identified in 2009.
Forecasts suggest that 2010 will again see unprecedented growth in malware, and the trend is expected to continue for the foreseeable future. Not only will the volume of cyber attacks escalate dramatically, but malware delivery methods will also become more sophisticated and dangerous. In addition, social networking sites will become major targets of choice for cyber criminals.
(Source: Defense Tech)
Full story
Defense Tech
They've never known a world without the Internet, but they still prefer to meet their friends offline.
Despite the prevalence and popularity of social networking sites like Facebook, almost a third of respondents said that they preferred to meet friends face-to-face, although 44 percent said the internet made it easier to keep in touch with them. More than seven in 10 children said their most common use of the Internet was for gaming, while 59 percent said that they used the worldwide web in the course of doing their homework. The youngsters from Britain, Germany, France, Spain, Italy and Poland also expressed a strong sense of social responsibility, with 90 percent saying it was important to look after the planet, and 74 percent saying they recycled regularly.
(Source: Reuters)
Full story
Reuters

Tuesday, January 12, 2010
Violent video games have "a much bigger negative influence on kids" than pornography, a leading porn star has claimed. He said parents should be more worried about the harmful effects of such games. Mr Jeremy's comments were made at a session called the Great Porn Debate during the Consumer Electronics Show, CES, in Las Vegas. His comments angered gamers, who accused him of "ignorance".
Mr Jeremy also urged parents to play their part in preventing children from accessing adult websites. He said the industry already does all it can to protect youngsters. "Parents can block this stuff and need to stop blaming porn for a bad case of parenting," Mr Jeremy told BBC News.
(Source: BBC)
Full story
BBC
Hackers calling themselves the Iranian Cyber Army briefly hijacked the home page of China's top search engine, Baidu Inc, on Tuesday weeks after doing the same thing to Twitter.com.
Media carried screenshots of Baidu's home page showing a message: "This site has been hacked by Iranian Cyber Army" against a dark background and the flag of Iran. The group hacked popular microblogging website Twitter in December replacing Twitter's home page with the same headline and an anti-American message.
(Source: Reuters)
Full story
Reuters

Monday, January 11, 2010
A wireless industry group said mobile phone conversations are safe from eavesdropping, even after a German security expert released the code for unscrambling calls made using most of the world's cell phones. Concerns spread last week that cell phone calls could easily be intercepted after encryption expert Karsten Nohl unveiled his research at Europe's largest hacking conference, in Berlin.
The London-based GSM Association said on Thursday that it has spent the past few years figuring out ways to thwart hackers who might try to tap into wireless calls using Nohl's research, which it first learned of in 2007.
(Source: Reuters)
Full story
Reuters

Friday, January 08, 2010
People who post intimate details about their lives on the internet undermine everybody else's right to privacy, claims an academic. Dr Kieron O'Hara has called for people to be more aware of the impact on society of what they publish online. "If you look at privacy in law, one important concept is a reasonable expectation of privacy," he said. "As more private lives are exported online, reasonable expectations are diminishing."
The rise of social networking has blurred the boundaries of what can be considered private, he believes - making it less of a defence by law. We live in an era that he terms "intimacy 2.0" - where people routinely share extremely personal information online.
(Source: BBC)
Full story
BBC

Thursday, January 07, 2010
The new year will usher in some interesting new changes in the world of malware and cyber-attacks, according to one company's predictions for 2010. Watchful eyes will have to be kept on mobile phone apps, Google Wave accounts, file sharing and peer-to-peer networks -- cyber-criminals will target those in greater numbers, according to predictions released by Kaspersky Labs, a provider of Internet threat management solutions for combating malware.
"Given the growing sophistication of threats -- it's no longer just an e-mail saying, ‘Please click on this attachment,' and you get infected with something -- the schemes are much more elaborate than that," said Roel Schouwenberg, the company's senior malware researcher.
(Source: Government Technology)
Full story
Government Technology
Got an e-mail list of customers or readers and want to know more about each such as their full name, friends, gender, age, interests, location, job and education level? Facebook has just the free feature you're looking for, thanks to its recent privacy changes. The hack, first publicized by blogger Max Klein, repurposes a Facebook feature that lets people find their friends on Facebook by scanning through e-mail addresses in their contact list.
Using a simple scraping tool, a marketer could then turn a list of e-mail addresses into a rich, full-fledged set of marketing profiles, with names, pictures, ages, locations, interests, photos, wall posts, affiliations and names of your friends, depending on how users have their profiles set.
(Source: CNN)
Full story
CNN

Monday, January 04, 2010
Last year, the Internet began to be seen as a basic human right and some countries have instituted legal means of guaranteeing that the vast majority of their citizens have access to a quality Internet connection. Other countries, though, are going the other way, hindering their citizens' web use and in some cases moving to disconnect them altogether. In France, the heavily criticized and disputed so-called "three strikes" law came into effect on January 1st. Its backers are quick to boast of the law's effectiveness, but common sense points the other way.
How exactly the agency will determine users' email addresses, or even harder, the address they are actively using remains to be seen.
(Source: Softpedia)
Full story
Softpedia
Chinese authorities caught nearly 5,400 suspects last year in a crackdown on online pornography and have vowed to strengthen Internet policing.
Beijing's pervasive policing of cyberspace and attempts to block the Internet are already among the world's most stringent. In a statement late Thursday, the Ministry of Public Security said the "purification of the Internet" and fighting of online crime are closely tied to the country's stability. "Lewd and pornographic content seriously pollutes the online environment, depraves social morals and poisons the physical and psychological health of the masses of young people," the statement said. "It must be firmly controlled."
(Source: AP)
Full story
AP

Thursday, December 17, 2009
A court in east China has handed down jail sentences of up to three years to 11 people for their roles in online gaming scams that netted them around 140,000 dollars, state media said. Lu Yizhong and Zeng Yifu wrote malicious Trojan horse viruses to steal 5.3 million user names and passwords from online gamers, which were then used for "illegal gains", the Xinhua news agency reported late Wednesday. Defendants Yan Renhai, his girlfriend Chen Huiting and other accomplices sold or used the viruses to steal online credits, the Gulou District People's Court in Jiangsu province found, according to Xinhua.
The number of Internet gamers in China reached 217 million at the end of June, or 64.2 percent of the nation's total online population.
(Source: AFP)
Full story
AFP

Wednesday, December 16, 2009
Internet users are being warned to watch out for a computer virus targeting popular social networking sites in the run up to Christmas.
Security experts say the new virus is "particularly nasty" and compels its victims to participate manually in creating a new Facebook account to help spread the worm. "The more people who use an application such as Facebook, or any other means of social networking, the more likely they are to be targeted by bad guys to send out malicious threats such as Koobface." The internet security company recommends that users do not reply to or follow links included in unsolicited Facebook messages and users should always carefully check that the URL they are entering is really that of the site they want to access.
(Source: FOX News)
Full story
FOX News
Thirty percent of 17-year-olds with cell phones have received sexting photos or videos, while eight percent have sent them, according to a new report from the Pew Research Center. What's more, four percent of 12- to 17-year-olds admit they have texted sexually suggestive nude or nearly nude images of themselves to someone else. Another 15 percent said they have received such images.
Meanwhile, laws and law-enforcement practices have emerged around sexting. The Pew report notes that some law-enforcement officers and district attorneys have begun prosecuting teens who create and share such images under laws generally reserved for producers and distributors of child pornography.
(Source: News Factor)
Full story
News Factor

Tuesday, December 15, 2009
Australia said Tuesday it would push ahead with a mandatory China-style plan to filter the Internet, despite widespread criticism that it will strangle free speech and is doomed to fail.
Communications Minister Stephen Conroy said new laws would be introduced to ban access to "refused classification" (RC) sites featuring criminal content such as child sex abuse, bestiality, rape and detailed drug use. Blacklisted sites would be determined by an independent classification body via a "public complaint" process, said Conroy, admitting there was "no silver bullet solution to cyber-safety".
(Source: AFP)
Full story
AFP
They're the scourge of the Internet right now and the U.S. Federal Bureau of Investigation says they've also raked in more than $150 million for scammers. Security experts call them rogue antivirus programs.
The FBI's Internet Crime Complaint Center issued a warning over this fake antivirus software Friday, saying that Web surfers should be wary of sudden pop-up windows that report security problems on their computers. This software can appear almost anywhere on the Web. Typically, the scam starts with an aggressive pop-up advertisement that looks like some sort of virus scan. Often it's nearly impossible to get rid of the pop-up windows.
(Source: ComputerWorld)
Full story
ComputerWorld

Thursday, December 10, 2009
A "friendly" hacker called c0de.breaker claims to have broken into two secure internal sites at NASA's Instrument Systems and Technology and Software Engineering divisions, and snapped screen shots to prove the protected sites were intruded.
"I didn't want to make something bad!" c0de.breaker wrote in a web posting. "Only to show NASA (has) many vulnerable subdomains to SQLI (SQL injection), XSS (cross-site scripting), etc." The hacker gained access through a combination of a SQL injection and poor access controls. The National Aeronautics and Space Administration has had major problems securing its websites for years.
(Source: Gov Info Security)
Full story
Gov Info Security

Wednesday, December 09, 2009
What do phishing, instant messaging malware, DDoS attacks and 419 scams have in common? According to Cisco Systems, they're all has-been cybercrimes that were supplanted by slicker, more menacing forms of cybercrime over the past year.
In its 2009 Annual Security Report, due to be released Tuesday, Cisco says that the smart cyber-criminals are moving on. "Social media and the data-theft Trojans are the things that are really in their ascent," said Patrick Peterson, a Cisco researcher. "You can see them replacing a lot of the old-school things."
(Source: ComputerWorld)
Full story
ComputerWorld

Tuesday, December 08, 2009
The government is preparing to set up a National Identity Management Center (NIMC) to distribute National Identity Cards (NIDC) across the country. Government officials said that the center will be located in Kathmandu and will distribute cards through thousands of government employees mobilized across the country.
Government officials are making preparations to set up the center on the basis of the recently submitted recommendations of a task force formed to study the need and structure of such a center. “We have recommended to the government to set up NIMC to distribute NIDCs as committed in the national budget and government policy and programs," Lilamani Paudel, Secretary at the Office of the Prime Minister and Council of Ministers (OPMCM), told myrepublica.com.
(Source: Republica)
Full story
Republica
Lessons in using the internet safely are set to become a compulsory part of the curriculum for primary school children in England from 2011.
The lessons are one element of a new government strategy being unveiled called "Click Clever, Click Safe". Children will also be encouraged to follow an online "Green Cross Code" and block and report inappropriate content. The measures have been drawn up by the UK Council on Child Internet Safety, a new body comprising 140 organisations. The campaign intends to encourage children to not give out personal information on the web, block unwanted messages on social networks and report any inappropriate behaviour to the appropriate bodies, which may include the website, teachers or even police.
(Source: BBC)
Full story
BBC

Monday, December 07, 2009
The Taiwan government says it will spend 2 billion New Taiwan dollars ($65 million) to support its electronic-book industry and help makers cash in on the rapidly growing world market.
Companies can receive government subsidies of up to 40 percent of costs for programs developing related technologies, according to an Industrial Development Bureau report released Thursday. Taiwan is already a leading player in the digital book market, being the exclusive supplier of e-paper displays for Amazon's Kindle and Sony's e-Reader through collaboration with foreign firms that hold cutting-edge electronic ink technologies, officials said.
(Source: AP)
Full story
AP

Friday, December 04, 2009
The U.S. government and private businesses need to overhaul the way they look at cybersecurity, with the government offering businesses new incentives to fix security problems, the Internet Security Alliance said.
The alliance, in a report released Thursday, also called for permanent international cybersecurity collaboration centers, new security standards for VoIP (voice over Internet Protocol) communications and programs to educate corporate leaders about the benefits of enhanced cybersecurity efforts. Lots of groups have called for better information security education for students, but education for enterprise leaders is often overlooked, said Joe Buonomo, president and CEO of Direct Computer Resources, a data security products vendor.
(Source: ComputerWorld)
Full story
ComputerWorld

Thursday, December 03, 2009
The 13-year-old Florida girl sent a topless photo of herself to a boy in hope of gaining his attention. Instead, she got the attention of her school, as well as the high school nearby. The incessant bullying by classmates that followed when the photo spread put an emotional weight upon Hope that she ultimately could not bear.
Her death is only the second known case of a suicide linked to bullying after “sexting” — the practice of transmitting sexual messages or images electronically. In March, 18-year-old Jesse Logan killed herself in the face of a barrage of taunts when an ex-boyfriend forwarded explicit photos of her following their split. “As far as training them on the Internet and what to look at and what not to look at, yeah, we talked about it,”
(Source: MSNBC)
Full story
MSNBC

Wednesday, December 02, 2009
If your iPhone has been jailbroken, change your passwords now, advised Paul Ducklin, Sophos Australia's chief of technology. Ducklin said the writers of this virus included a program called "Duh", which added malicious capabilities not present in last month's ikee release.
The new password installed by this virus was "ohshit", which can be used to remove the threat of further remote attacks on an infected device. Ducklin said to clean up the device by searching the file "directory/private/var/mobile/home", type in "passwd" to initiate the command, and change the password. "Otherwise the buggers can get back in anytime they want," said Ducklin.
(Source: ZDNet Australia)
Full story
ZDNet Australia

Tuesday, December 01, 2009
It’s not good news for IT cities. According to a report prepared by the Computer Emergency Research Team from the Union IT ministry, a total of 692 websites have been affected in September alone.
The unit has now asked the respective state governments to secure their own websites. “We have instructed all state governments to instal security measures, especially for those sites which contain sensitive data,’’ said a senior ministry official. Of the websites hacked, a whopping 74% belong to the .in domain. The most common hacking method is to steal the administrator's password. Hackers also enter the web server and destroy the site. Another method is to try to poison the URL.
(Source: The Economic Times)
Full story
The Economic Times
A computer worm that China warned Internet users against is an updated version of the Panda Burning Incense virus, which infected millions of PCs in the country three years ago, according to McAfee.
The original Panda worm, also known as Fujacks, caused widespread damage at a time when public knowledge about online security was low, and led to the country's first arrests for virus-writing in 2007. The new worm variant, one of many that have appeared since late 2006, adds a malicious component meant to make infection harder to detect.
(Source: PC World)
Full story
PC World

Monday, November 30, 2009
Diners who frequent a popular Downtown restaurant should review their charge-card statements because hackers broke into its computer system to loot debit- and credit-card numbers, police said today.
Between 30 and 50 people have reported fraudulent charges on their accounts, and Columbus detectives said that anyone who used a charge card at Tip Top Kitchen and Cocktails in July or August is at risk. The hackers have been traced to an overseas Internet address, and no Tip Top employees are involved, police said. The hackers found a weak point in the restaurant's computer defenses, wormed their way in, and installed "malware" that stripped the numbers.
(Source: The Columbus Dispatch)
Full story
The Columbus Dispatch

Thursday, November 26, 2009
The European Union’s first dedicated NGO Alliance for Child Safety Online (eNACSO) launched its Digital Manifesto on 14 November 2009 during the Internet Governance Forum (IGF) in Egypt. ‘The global nature of the internet places a particular responsibility on international institutions and governments to take action at national and international level to ensure children are safe online’ says Dieter Carstensen, eNACSO Chair.
The Digital Manifesto will form part of eNACSO’s ‘Agenda for Action’ document which will be launched in Brussels in May 2010.
(Source: eNACSO)
Full story
eNACSO
While the Senate bogs down in negotiations over drafting major cybersecurity reform legislation, a House panel Wednesday passed a nuts-and-bolts IT security bill that would require the president to assess the government's cybersecurity workforce, including an agency-by-agency skills assessment, and provide scholarship to students who agree to work as cybersecurity specialists for the government after graduation.
"There are some very technically sophisticated ways of enhancing cybersecurity, but there are some simple ways, also. Some aspects of computer security are rocket science and others are fairly simple precautionary steps which most people can take."
(Source: Gov Info Security)
Full story
Gov Info Security

Wednesday, November 25, 2009
In today’s technologically advanced world, documents and correspondences that were once sent by post are now exchanged electronically. This exchange takes place smoothly until a signature is required in the transaction. Then the entire process falls back to the real ‘e-less’ world of paper documents, faxes, snail-mail and even physical presence.
Technology, however, has not ceased to search for solutions to this barrier. The result: a method that is accurate and arguably more secure than the traditional handwritten signature, which allows documents to be signed online — e-signatures.
(Source: Business Today)
Full story
Business Today
That television set you discourage your children from watching may not be the greatest threat to their wellbeing. Instead, the mobile phone is the gateway in introducing children to the world of cyberspace, posing a great risk to their safety, a lobby group said Tuesday.
According to The Cradle, the unmonitored use of technology is increasingly exposing youngsters to the risk of harm and violence. "Only 24 per cent of children in the study reported to their parents or an authority of online or cell phone harassment,” Cradle programme manager Brian Weke told journalists. The study also revealed that 77 out of the 96, who had the incidences reported to them, took no action and ignored the seriousness of the matter.
(Source: Daily Nation)
Full story
Daily Nation

Tuesday, November 24, 2009
Four men, including the self-proclaimed "Godfather of Spam," were sentenced to prison on Monday for their roles in an email stock fraud scheme, the Justice Department said. FBI special agent said Ralsky, the self-proclaimed "Godfather of Spam," flooded email boxes with unwanted spam email and attempted to use a botnet to hijack computers to assist them in the scheme. A botnet is a network of computers infected by malicious software.
"Today's sentencing sends a powerful message to spammers whose goal is to manipulate financial transactions and the stock market through illegal email advertisements," said assistant attorney general Lanny Breuer.
(Source: AFP)
Full story
AFP

Monday, November 23, 2009
A Canadian woman on long-term sick leave for depression says she lost her benefits because her insurance agent found photos of her on Facebook in which she appeared to be having fun.
Nathalie Blanchard has been on leave from her job at IBM in Bromont, Quebec, for the last year. The Canadian Broadcasting Corp. reported Saturday she was diagnosed with major depression and was receiving monthly sick-leave benefits from insurance giant Manulife. But the payments dried up this fall and when Blanchard called Manulife, she says she was told she was available to work because of Facebook.
(Source: AP)
Full story
AP
A series of skimming crimes that hit the Nashville, TN area recently is but one of many ATM fraud schemes preying upon financial institutions and their customers.
Nashville police reported last week that they were investigating an ATM card skimming scheme where at least 600 individuals were potential victims. Investigators say five Bank of America ATMs were hit, as well as an unknown number of US Bank machines. A total of 60 people had fraudulent withdrawals from their accounts for anywhere between $100 and $5,000. Investigators suspect that the skimming schemers have now moved on to other cities. "No one vendor or ATM type is more susceptible over another," Ipson says, "so everyone needs to be aware of this threat."
(Source: Bank Info Security)
Full story
Bank Info Security

Thursday, November 19, 2009
A self-proclaimed geek from the age of 14, Andre DiMino had always been interested in computers and networking. But it wasn't until he entered his professional life many years later that he became interested in the security side of that world.
Just five years ago, hunting botnets, said DiMino, was a much different game. The botnets were fairly straightforward, he said, and the primary method of communication was IRC (Internet Relay Chat). DiMino and other volunteers were able to act like criminals by joining a botnet, watching its traffic to get an understanding of how it was architected and learn more about its particular function. They found their efforts were worthwhile as they began contacting network hosts, alerting them that they were supporting the botnets and seeing them shut down.
(Source: ComputerWorld)
Full story
ComputerWorld
The world's biggest social networking site has brushed off criticism by a senior UK police officer responsible for preventing online bullying that it is failing to combat abuse.
Jim Gamble, head of the Child Exploitation and Online Protection (Ceop) Center, said Facebook and MySpace, which between them have more than 500 million users, could work harder to stamp out bullying. The initiative came as UK charity Beatbullying highlighted Bebo, owned by AOL, and Microsoft's instant messaging service as hotspots for bullying. In a poll of 2,094 young people across England conducted by the charity, 30 percent of 11 to 16-year-olds who had been "cyberbullied" had been targeted on Bebo.
(Source: CNN)
Full story
CNN

Wednesday, November 18, 2009
Cyber war has moved from fiction to fact, says a report. Compiled by security firm McAfee, it bases its conclusion on analysis of recent net-based attacks. Analysis of the motives of the actors behind many attacks carried out via the internet showed that many were mounted with an explicitly political aim.
It said that many nations were now arming to defend themselves in a cyber war and readying forces to conduct their own attacks. "There are at least five countries known to be arming themselves for this kind of conflict," said Greg Day, primary analyst for security at McAfee Europe. The UK, Germany, France, China and North Korea are known to be developing their own capabilities.
(Source: BBC)
Full story
BBC
The first applications were accepted on Monday for internationalised domain names (IDNs), in one of the most significant steps to making the Internet more accessible around the globe.
The Internet Corporation for Assigned Names and Numbers (ICANN) has opened the application process, ending the exclusive use of Latin characters for website addresses. On the first day, "we have already received six applications from around the world for three different scripts," ICANN CEO Rod Beckstrom told an Internet Governance Forum (IGF) in Egypt's Red Sea resort of Sharm el-Sheikh.
(Source: AFP)
Full story
AFP

Monday, November 16, 2009
Criminal gangs are making millions of dollars out of the H1N1 flu pandemic by selling fake flu drugs over the internet, a web security firm said on Monday.
Sophos, a British security software firm said it had intercepted hundreds of millions of fake pharmaceutical spam adverts and websites this year, many of them trying to sell counterfeit antiviral drugs like Tamiflu to worried customers. Tamiflu, an antiviral marketed by Switzerland's Roche Holding and known generically as oseltamivir, is the frontline drug recommended by the World Health Organization to treat and slow the progression of flu symptoms. GlaxoSmithKline makes another antiviral for flu, known as Relenza.
(Source: Reuters)
Full story
Reuters
A new spam campaign is targeting a financial transfer system that handles trillions of dollars in transactions annually and has proved to be a fertile target of late for online fraudsters.
The spam messages pretend to come from the National Automated Clearing House Association (NACHA), a U.S. nonprofit association that oversees the Automated Clearing House system (ACH). ACH is a widely used but aging system used by financial institutions for exchanging details of direct deposits, checks and cash transfers made by businesses and individuals. In 2002, ACH was used for nearly 9 billion transactions worth more than $24.4 trillion.
(Source: ComputerWorld)
Full story
ComputerWorld

Friday, November 13, 2009
Testing a brand new copy of Windows 7 shows that malware still finds its way around inbuilt preventative measures.
Got Windows 7? Yes, we know an increasing number of you have. But you'll still need antivirus protection. A test by the security company Sophos has found that Windows 7 is, out of the box, vulnerable to 8 out of 10 viruses that dropped into its feed (its feed being gnarly viruses picked from the internet). But of those 8, the User Account Control (UAC) - meant to save you from yourself, you button-clicking obsessive, you - did stop one.
(Source: Guardian)
Full story
Guardian
Nearly half of England's 14-year-olds have been a victim of bullying and cyber-bullying is now the joint most common form, according to new research.
The Government-commissioned research, conducted by the National Centre for Social Research, analysed bullying among more than 10,000 secondary school pupils in England aged 14-16. The initial findings show that 47 per cent of young people report being bullied at the age of 14. After cyberbullying - where children face taunts, threats and insults via the internet and mobile phones - and name calling, the most common type of bullying was teenagers being threatened with violence, being excluded by their friends and facing actual violence.
(Source: Telegraph)
Full story
Telegraph

Thursday, November 12, 2009
For the last few days, some jailbroken iPhone users have found their home screen background a little different than they remembered. A hacker, going by the name "ikee," created a worm that changes the home screen background on jailbroken iPhones whose owners failed to change the default password after installing SSH.
Simply jailbreaking your iPhone will not make you vulnerable to this sort of hack. The iPhone OS, in general, is also immune to this hack. On jailbroken iPhones, SSH is installable with a package from Cydia that allows you to connect to your phone and make changes to the filesystem.
(Source: TUAW News)
Full story
TUAW News
Australian internet provider BigPond has become the latest internet company to be targeted by hackers on Twitter, after one of its accounts was hijacked as part of a phishing scam.
Affected users received a private message from BigPondTeam saying "Hey, look at this," and directing them to follow a link that asked them to enter their Twitter password. The attack was part of an attempt to steal their credentials and potentially gain access to other services they use - such as their bank accounts or email services.
(Source: Guardian)
Full story
Guardian

Tuesday, November 10, 2009
The next world war could take place in cyberspace, the UN telecommunications agency chief has warned. "The next world war could happen in cyberspace and that would be a catastrophe. We have to make sure that all countries understand that in that war, there is no such thing as a superpower,'' Hamadoun Toure said.
"Loss of vital networks would quickly cripple any nation, and none is immune to cyberattack,'' added the secretary-general of the International Telecommunications Union during the ITU's Telecom World 2009 fair in Geneva. As the internet becomes more linked with daily lives, cyberattacks and crimes have also increased in frequency, experts said.
(Source: News.com)
Full story
News.com

Monday, November 09, 2009
Spain says Internet-related child pornography has risen tenfold in the past five years. Francisco Villanueva of the Interior Ministry says the number of cases has gone from 108 in 2004 to 1,024 last year. Other Internet-related crimes also rose.
Villanueva said Thursday that hacking has risen from 92 to 447 cases, and that bank fraud has more than doubled in the same period, from 509 cases to 1,954. He says piracy of intellectual property decreased slightly from 330 to 298 cases, but that if more resources are not dedicated to policing piracy, Spain could lose up to 300,000 jobs. Villanueva says Spain's cyber crime levels are similar to those of neighboring European countries.
(Source: AP)
Full story
AP
Pedophiles can exploit virus-infected PCs to remotely store and view their stash without fear they'll get caught. Pranksters or someone trying to frame you can tap viruses to make it appear that you surf illegal Web sites. Whatever the motivation, you get child porn on your computer — and might not realize it until police knock at your door.
An Associated Press investigation found cases in which innocent people have been branded as pedophiles after their co-workers or loved ones stumbled upon child porn placed on a PC through a virus. It can cost victims hundreds of thousands of dollars to prove their innocence.
(Source: AP)
Full story
AP

Thursday, November 05, 2009
China has issued rules banning the beating and confinement of youths being treated for Internet addiction after revelations of abuse at rehabilitation clinics, including the death of one teenager. The regulations posted on the health ministry's website Wednesday stressed that restraint must be used in dealing with such youngsters as "the concept of 'Internet addiction' has not been fully defined".
In August, the beating death of a teenage boy enrolled by his parents at an Internet addiction camp in southern China's Guangxi region provoked outrage across the country.
(Source: AFP)
Full story
AFP
Internet users throughout Europe accused of illegal file-sharing are to receive more protection from being cut off by their service provider. The European Parliament and Council is due to make a decision on its Telecoms Reform Package in late November. The package will entitle users in all 27 EU states to be put through a "fair and impartial procedure" before being disconnected.
The outcome is a compromise agreed during all night negotiations. Some members of the European Parliament felt nobody should lose their connection until after they had been prosecuted in a court for illegally downloading content.
(Source: BBC)
Full story
BBC

Wednesday, November 04, 2009
An expert on cable modem hacking has been arrested by federal authorities on computer intrusion charges. According to the U.S. Department of Justice (DOJ), Ryan Harris, 26, ran a San Diego company called TCNISO that sold customizable cable modems and software that could be used to get free Internet service or a speed boost for paying subscribers.
Hackers have known for years that certain models of cable modem, such as the Motorola Surfboard 5100, can be hacked to run faster on a network, a process known as uncapping.
(Source: ComputerWorld)
Full story
ComputerWorld

Tuesday, November 03, 2009
China's police chief has called for a reinforced nationwide Internet security system, in the nation's latest effort to oversee the activities of the world's largest online population.
"The Internet is developing quickly, there are many loopholes in social management, and maintaining social stability faces unprecedented new challenges," public security minister Meng Jianzhu said in rare public remarks. Internet use has expanded at a dizzying pace in China, which now has the world's largest online population of at least 338 million users.
(Source: AFP)
Full story
AFP

Monday, November 02, 2009
If your cash card gets eaten by the automated-teller machine, it may not end up in the hands of a bank employee. European financial institutions are seeing a sharp rise in card "trapping," where criminals use various tricks in order to capture and retrieve a person's ATM card for fraudulent use.
For the first half of this year, financial institutions reported 1,045 trapping incidents, according to a new report from the European ATM Security Team (EAST), a nonprofit group composed of financial institutions and law enforcement. The figure, which covers 20 countries within the Single Euro Payments Area (SEPA), represents a 640 percent increase over the first half of 2008.
(Source: CIO)
Full story
CIO

Friday, October 30, 2009
Twitter warned users Tuesday of a new phishing scam on the social networking site. It's the latest in a series of scams that have plagued the site over the past year, designed to trick victims into giving up their user names and passwords.
"We've seen a few phishing attempts today, if you've received a strange DM and it takes you to a Twitter login page, don't do it!," Twitter wrote on its Spam message page. The message reads, "hi. this you on here?" and includes a link to a fake Web site designed to look like a Twitter log-in page. After entering a user name and password, victims enter an empty blogspot page belonging to someone named NetMeg99.
(Source: ComputerWorld)
Full story
ComputerWorld
Facebook outlined changes to its privacy policy on Thursday and asked for feedback from the social network's more than 300 million users. Members will have until November 5 to send in their comments about the proposed changes.
"This is the next step in our ongoing effort to run Facebook in an open and transparent way. After the comment period is over, we'll review your feedback and update you on our next steps." Some of the changes to Facebook's privacy policy are the result of pressure from Canada, whose privacy czar conducted an investigation into its handling of personal information.
(Source: AFP)
Full story
AFP

Thursday, October 29, 2009
I am advised to "avoid giving my credit card online" and to be "careful when banking online" and to use random, complex passwords that I never repeat and never write down. So, as long as I refrain from commerce, stay indoors and have a superhuman memory, I should be fine!
I worry about identity theft and take measures, throughout the year, to defend my identity. So here's some identity defense advice that's actually practical:
* Don't sign credit cards. I sign mine "See ID". Why give a card thief my signature too?
(Source: ComputerWorld)
Full story
ComputerWorld
The 17-year-old’s body was dumped in a ditch after she sneaked out of her home on Sunday night to meet a boy she thought was 16, but who turned out to be 32. Her mother, Andrea Hall urged, “Tell your kids to be careful on the internet. Don't trust anybody and don't put your children on Facebook or other sites if they are under age. All we ask now is that people help the police in any way they can. We don't want any other child to be a victim.”
A 32-year-old man, of no fixed abode was due to appear at Newton Aycliffe Magistrates Court on Wednesday, charged with manslaughter and kidnap. The convicted sex offender was also charged with failing to notify a new address as required for sex offenders under the Sexual Offences Act 2003.
(Source: Telegraph)
Full story
Telegraph

Wednesday, October 28, 2009
Nearly a decade after it introduced a program to internationalize domain names, the Internet Corporation for Assigned Names and Numbers is expected to take another step on Friday. ICANN, during its annual meeting in Seoul, Korea, will vote on the internationalized domain names (IDN) initiative, better known as the Fast Track.
"In Seoul, we plan to move forward to the next step in the internationalization of the Internet, which means that eventually people from every corner of the globe will be able to navigate much of the online world using their native language scripts," said Rod Beckstrom, ICANN's CEO.
(Source: NewsFactor)
A man is being questioned after the body of a teenager he is believed to have met on the internet was discovered in a field in County Durham.
Det Ch Insp Paul Harker said the case highlighted the dangers of meeting people on the internet, and urged parents to monitor their children's online habits. He said: "This is a very, very unusual event. My message in terms of meeting people from the internet is 'please do not do it unless you are absolutely certain it is safe'." He added: "Speak to them about it, speak to their friends, let them know the dangers of the internet."
(Source: BBC)

Tuesday, October 27, 2009
The Swiss Foreign Ministry says it was the victim of a "professional" cyber attack aimed at obtaining information from its computer network. Spokesman Georg Farago says the ministry cut the connection between its network and the Internet after the attack was discovered on Thursday. He says specialists are trying to determine the source of the attack and whether any information was stolen.
Farago said Monday it appeared the Foreign Ministry was specifically targeted. Switzerland frequently plays host to international peace talks and other high-level negotiations.
(Source: AP)
Developing countries risk missing out on the benefits of information technology because of their lack of broadband infrastructure, a U.N. agency said.
Lack of broadband Internet access deprives countries of the possibility of building up offshoring industries, the United Nations Conference on Trade and Development (UNCTAD) said in a report late on Thursday. It also prevents people from tapping into all the advantages of mobile phones, whose use is exploding in poor countries. "What is known as the broadband gap for example is becoming a serious handicap for companies in many poor countries," he told a briefing to launch UNCTAD's Information Economy Report.
(Source: Reuters)

Monday, October 26, 2009
The Internet is set for its biggest technical change in decades when a new multilingual address system is approved this week, a global regulatory body said Monday.
The Internet Corporation for Assigned Names and Numbers (ICANN) said it would declare an end to the exclusive use of Latin characters for website addresses on Friday -- the final day of its six-day conference in Seoul. When the change comes into force, it will be possible to use characters from other languages -- such as Chinese, Arabic, Korean and Japanese -- for a full Internet address, instead of for just part of an address as now.
(Source: AFP)
Nigeria's anti-corruption police are working with Microsoft to halt thousands of fraudulent emails in a crackdown on internet crime in Africa's most populous country, an agency spokesman said.
The Economic and Financial Crimes Commission (EFCC) said on Thursday its new project "Eagle Claw," expected to become fully operational within six months, is aimed at improving Nigeria's tarnished image as one of the world's top countries for internet crime. The agency said it has already shut down 800 scam websites and arrested 18 people.
(Source: Reuters)
Networks of hacked computers are being used more than ever to click on advertisements, a scam known as click fraud that cheats search engines, publishers and ad networks out of revenue.
For the third quarter of the year, 42.6% of fraudulent clicks came from botnet-infected computers, according to Click Forensics, a company that produces tools to detect and filter out fraudulent clicks. The figure is the highest in the four years since Click Forensics began producing reports. For the same quarter a year ago, botnets accounted for 27.5% of bad clicks. Botnets are a powerful tool for hackers.
(Source: ComputerWorld)

Friday, October 23, 2009
China is building its cyberwarfare capabilities and appears to be using the growing technical abilities to collect U.S. intelligence through a sophisticated and long-term computer attack campaign, according to an independent report.
Released Thursday by a congressional advisory panel, the study found cases suggesting that China's elite hacker community has ties to the Beijing government, although there is little hard evidence. The Pentagon report described computer attacks believed to have originated in China, but concluded that "it remains unclear if these intrusions were conducted by, or with the endorsement of, the PLA or other elements of the PRC (People's Republic of China) government."
(Source: AP)
The European Parliament has given the green light for member states to cut persistent file-sharers off from the net. It has dropped an amendment to its Telecoms Package which would have made it hard for countries to cut off pirates without court authority. It follows pressure from countries keen to adopt tough anti-piracy laws.
The French government has just approved plans which could see pirates removed from the net for up to a year. The UK's file-sharing policy is also likely to include a clause about disconnecting persistent offenders. The European Parliament was originally opposed to such legislation, claiming internet access was a basic human right.
(Source: BBC)

Thursday, October 22, 2009
It is being billed as the largest-ever social change event on the Web and one which its organizers believe will unite the digital world in a wider conversation about climate change.
"I would say that 99 percent of our bloggers have never written about climate change before. I think there is a lot of power in people who usually don't write about this having conversations about a major issue like climate change." The scale of involvement in the day has been impressive. So far, over 8,000 blogs have registered in 144 countries and organizers predict that there will be around 15 million readers.
(Source: CNN)
The Republic of Montenegro officially became a member of the International Multilateral Partnership against Cyber Threats (IMPACT), which is established under the International Telecommunication Union (ITU) and consists of 191 members. The President of the Board of Directors of IMPACT, Mr. Datuk Muhd Noor Amin, welcomed Montenegro's membership in IMPACT and stated that Montenegro had acquired the status of a full member in this international organization.
Montenegro has recently acquired the capability to track new information on cyber threats. In particular, participation in IMPACT will assist Montenegro in identifying cyber threats in the early stages of their development.
(Source: eGov Monitor)

Wednesday, October 21, 2009
Microsoft admitted Hotmail users had been tricked into revealing their passwords, 10,000 of which had been published online.
The spam is being sent from users' accounts to contacts in their address books - so recipients will think it came from one of their friends. While the new spam is not malicious in itself, it does point the contact in the direction of something that is — a "shopping" website. The trick is, the shopping site is not a real one. The scam persuades victims to order goods online by credit card, leaving them vulnerable to identity theft and fraud.
(Source: Fox News)
Hotmail and several other Web e-mail providers were recently hit by phishing attacks that gleaned usernames and passwords. It's terribly insecure, but the string of digits 1234567 is a popular password on Hotmail, according to security researcher Bogdan Calin, who analyzed 9,843 stolen Windows Live Hotmail passwords that were posted on a Web site.
In a blog post, Calin said the following were the most common passwords in the Hotmail collection: 123456, 123456789, alejandra, 111111, alberto, tequiero, alejandro and 12345678.
(Source: ComputerWorld)

Tuesday, October 20, 2009
Surfing the Internet just might be a way to preserve your mental skills as you age. Researchers found that older adults who started browsing the Web experienced improved brain function after only a few days.
"You can teach an old brain new technology tricks," said Dr. Gary Small, a psychiatry professor. With people who had little Internet experience, "we found that after just a week of practice, there was a much greater extent of activity particularly in the areas of the brain that make decisions, the thinking brain -- which makes sense because, when you're searching online, you're making a lot of decisions," he said. "It's interactive."
(Source: Health Day)
A 15-year-old girl who posted her profile on a vampire website was allegedly murdered by two men who created a "fictional internet alter-ego", a court heard.
Carly Ryan's body was found by a swimmer on an Australian beach in 2007. Yesterday a father and son appeared before the South Australian supreme court accused of setting a trap that led to her alleged murder. The girl posted personal details and photographs of herself on the Gothic website www.vampirefreaks.com and soon began an internet romance with a fictitious teenager called Brandon.
(Source: Telegraph)

Monday, October 19, 2009
The founder of lastminute.com, Martha Lane Fox, has unveiled an ambitious policy to get everyone in Britain online by 2012, backed by a study that says it would save the government up to £1bn annually in customer service costs and boost the economy by more than £20bn.
Lane Fox, who is now chair of the government-created Digital Inclusion Task Force, says that getting the 10m Britons who have never used the internet to go online could generate at least £22.6bn in economic benefit – including at least £10.6bn over the lifetimes of the 1.6m children who have never used it.
(Source: Guardian)
Tens of millions of U.S. computers are loaded with scam security software that their owners may have paid for but which only makes the machines more vulnerable, according to a new Symantec report on cybercrime.
Cyberthieves are increasingly planting fake security alerts that pop up when computer users access a legitimate website. The "alert" warns them of a virus and offers security software, sometimes for free and sometimes for a fee. "Lots of times, in fact, they're a conduit for attackers to take over your machine. They'll take your credit card information, any personal information you've entered there, and they've got your machine."
(Source: Reuters)

Friday, October 16, 2009
It’s the F word question that all parents now dread. “Can I go on Facebook?” your eleven year-old bullies you over dinner, declaring that absolutely everybody else in her class is not only on Facebook, but also on Twitter as well as Bebo and Orkut and other peculiarly named social networks.
So how should parents in today’s social media age deal with the F word question? Is social networking bad for children’s brains? Should we allow our kids to freely expose their identities on the Internet?
(Source: Telegraph)
Cyber-crime just doesn't pay like it used to. Security researchers say the cost of criminal services such as distributed denial of service, or DDoS, attacks has dropped in recent months. The reason? Market economics.
Criminals have gotten better at hacking into unsuspecting computers and linking them together into so-called botnet networks, which can then be centrally controlled. Botnets are used to send spam, steal passwords, and sometimes to launch DDoS attacks, which flood victims' servers with unwanted information.
(Source: ComputerWorld)

Thursday, October 15, 2009
A survey of 16 to 24 year olds has found that 75% of them feel they "couldn't live" without the internet. The report, published by online charity YouthNet, also found that four out of five young people used the web to look for advice.
About one third added that they felt no need to talk to a person face to face about their problems because of the resources available online. The survey looked at how the web influences the well-being of people aged between 16 and 24.
(Source: BBC)
Internet users in the North East of England have the most nervous attitude towards the web, according to research that highlights the country's "digital divide".
Online engagement will soon replace social class as the most powerful determiner of economic success, damaging the career prospects of internet refuseniks, according to the social anthropologist who analysed the survey. Nearly one-third (31 per cent) of internet users in the North East are reluctant to use the internet for anything more than sending email and occasional browsing, higher than the national average of 23 per cent.
(Source: Telegraph)

Wednesday, October 14, 2009
Twitter users should refrain from changing their log-in data until further notice or else risk getting locked out of their accounts. Twitter is investigating instances of users who have lost access to their accounts after modifying their usernames, passwords or e-mail addresses, the microblogging company said on Tuesday.
Until the problem is resolved, Twitter users shouldn't modify their log-in data, according to an official posting on Twitter's Status Web site. "This seems to affect new users as well as long term users," the note reads.
(Source: ComputerWorld)
Studies on whether mobile phones can cause cancer, especially brain tumors, vary widely in quality and there may be some bias in those showing the least risk, researchers reported on Tuesday. So far it is difficult to demonstrate any link, although the best studies do suggest some association between mobile phone use and cancer, the team led by Dr. Seung-Kwon Myung of South Korea's National Cancer Center found.
Myung and colleagues at Ewha Womans University and Seoul National University Hospital in Seoul and the University of California, Berkeley, examined 23 published studies of more than 37,000 people in what is called a meta-analysis.
(Source: Reuters)

Tuesday, October 13, 2009
About a third of UK employees throw sensitive documents in the bin instead of shredding them, research suggests. The study also found almost three-quarters of workers felt their organisations could do more to protect their customers' sensitive information.
The data was compiled for National Identity Fraud Prevention Week. Identity fraud costs the UK more than £1.2bn annually. The UK's Fraud Prevention Service says 60,000 people have fallen victim so far this year.
(Source: BBC)
Facebook has seen an impressive bump in traffic versus this time last year. For September 2009, the site claimed 58.6 percent of U.S. social networking traffic, a jump of 194 percent over the same period last year. Twitter's increase, meanwhile, was downright absurd, jumping 1,170 percent over the past year.
In September 2008, Facebook recorded a 19.94 percent share, which increased to 58.59 percent for September 2009. MySpace, by contrast, dominated the social-networking sites last September, with a 66.8 percent share. Since then, however, MySpace's market share has plunged to 30.3 percent, still leaving it second in U.S. traffic.
(Source: PC Magazine)

Monday, October 12, 2009
For the fourth time this year, Adobe has admitted that hackers used malicious PDF documents to break into Windows PCs.
The bug in the popular Reader PDF viewer and the Acrobat PDF maker is being exploited in "limited targeted attacks," Adobe said yesterday. That phrasing generally means hackers are sending the rigged PDF documents to a short list of users, oftentimes company executives or others whose PCs contain a treasure trove of confidential information.
(Source: ComputerWorld)
Security researchers are warning that Web-based applications are increasing the risk of identity theft or losing personal data more than ever before.
The best defense against data theft, malware and viruses in the cloud is self defense, researchers at the Hack In The Box (HITB) security conference said. But getting people to change how they use the Internet, such as what personal data they make public, won't be easy.
(Source: PCWorld)

Friday, October 09, 2009
Scammers have grabbed the Hotmail passwords that leaked to the Web and are using them in a plot involving a fake Chinese electronics seller to bilk users out of cash and their credit card information, a security researcher said.
"We've seen a 30% to 40% increase in these types of spam messages in the last several days," said Patrik Runald, senior manager of Websense's security research team. "By 'these types of spam,' I mean messages that are advertising great consumer electronics bargains, such as cameras and computers."
(Source: ComputerWorld)
1. There's always a friend's computer.
2. They're a form of censorship.
3. They give you a false sense of security.
4. Kids resent them -- and you.
5. Kids can defeat them.
6. They catch too much.
7. They don't catch everything.
Most parental control programs use a combination of filtering techniques to block access to unwanted sites. But each method is vulnerable, and none promises 100% accuracy. Text-based filters can't really determine the context of words or phrases, so they can block access to perfectly acceptable sites. Words like "sucking," for example, might get caught in the filter and prevent your kid from researching, say, mosquitoes.
(Source: Common Sense)
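As an added illustration of the false-positive problem the Common Sense item describes (example code written for this page, not from the article; the blocklist, the context-term list and the sample page texts are all constructed), this compares a naive substring filter with a crude context-aware variant and shows why neither is fully accurate:

```python
"""Why a purely text-based parental filter misclassifies pages.

Added example, not code from the Common Sense article. The blocklist,
the topic-context list and the page texts below are all constructed.
"""
import re

# Constructed blocklist: the one word the article cites as a typical false positive.
BLOCKLIST = {"sucking"}

# Constructed context terms: a blocklisted word next to these is probably a page
# about biology or plumbing, not the content the filter is meant to stop.
TOPIC_CONTEXT = {"mosquito", "mosquitoes", "blood", "proboscis", "insect",
                 "larvae", "pump", "inlet", "valve"}

# Constructed sample pages a child might legitimately need for homework.
PAGES = {
    "mosquito_biology": "Female mosquitoes feed by sucking blood through a proboscis.",
    "pump_manual": "If the pump is sucking air, check the inlet hose for cracks.",
    "no_match": "Homework help: the water cycle explained for fifth graders.",
}

WORD = re.compile(r"[a-z']+")


def naive_filter(text: str) -> bool:
    """Block if any blocklisted string occurs anywhere in the page text.

    This is the behaviour the article describes: no notion of context, so a
    mosquito biology page is blocked as readily as anything else.
    """
    lower = text.lower()
    return any(bad in lower for bad in BLOCKLIST)


def context_filter(text: str, window: int = 6) -> bool:
    """Block only if a blocklisted word has no topical context within `window` words.

    Fewer false positives than naive_filter, but the trade-off is more false
    negatives: any page that surrounds the word with innocuous terms slips past
    (the article's point that filters "don't catch everything").
    """
    words = WORD.findall(text.lower())
    for i, w in enumerate(words):
        if w in BLOCKLIST:
            before = words[max(0, i - window):i]
            after = words[i + 1:i + 1 + window]
            if not (set(before) | set(after)) & TOPIC_CONTEXT:
                return True
    return False


def classify(pages=None) -> dict:
    """Run both filters over each page; True means 'blocked'."""
    pages = PAGES if pages is None else pages
    return {name: {"naive": naive_filter(t), "context": context_filter(t)}
            for name, t in pages.items()}


if __name__ == "__main__":
    for name, verdict in classify().items():
        print(f"{name:18s} naive={verdict['naive']!s:5s} context={verdict['context']}")
```

Both homework pages are blocked by the naive filter and passed by the context filter, while a sentence with no topical neighbours is still blocked by both.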
Meet "network man." He has basic desires of his own, but has many arbitrary preferences, such as in music or clothes, that have been influenced by the people he knows. Network man's likes and dislikes, in turn, affect the behavior of his friends, and their friends, and their friends.
People have profound influences on each other's behavior within three degrees of separation, the authors find. That means that your friends, your friends' friends, and your friends' friends' friends may all affect your eating habits, voting preferences, happiness, and more. At the fourth degree, however, the influence substantially weakens.
(Source: CNN)
The head of the U.S. Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt. FBI Director Robert Mueller said he recently came "just a few clicks away from falling into a classic Internet phishing scam" after receiving an e-mail that appeared to be from his bank.
In phishing scams, criminals send spam e-mails to their victims, hoping to trick them into entering sensitive information such as usernames and passwords at fake Web sites.
(Source: ComputerWorld)

Thursday, October 08, 2009
iPhone lovers and other smartphone users should take heed: a security researcher showed ways to spy on a BlackBerry user during a presentation Wednesday, including listening to phone conversations, stealing contact lists, reading text messages, taking and viewing photos and figuring out the handset's location via GPS.
And ironically, Sheran Gunasekera, head of research and development at ZenConsult, said the BlackBerry is one of the most secure smartphones available, in some ways better than the iPhone.
(Source: ComputerWorld)
Investigators in the United States and Egypt have smashed a computer "phishing" identity theft scam described as the biggest cyber-crime investigation in US history, officials said Wednesday.
The Federal Bureau of Investigation said 33 people were arrested across the United States early Wednesday while authorities in Egypt charged 47 more people linked to the scam. A total of 53 suspects were named in connection with the scam in a federal grand jury indictment, the FBI said.
(Source: AFP)

Wednesday, October 07, 2009
Privacy and security are foundational to health care reform. Patients will trust electronic health care records only if they believe their confidentiality is protected via good security.
As vice chairman of the federal Healthcare Information Technology Standards Committee, I have been on the front lines in the debate over the standards and implementation guidance needed to support the exchange of health care information. Over the past few months, I've learned a great deal from the committee's privacy and security workgroup.
(Source: ComputerWorld)
The social networking site said that its security teams had noticed an increase in scams where people's login information is collected through phishing sites, and then their accounts are accessed without permission to ask friends for money.
"While the total number of people who have been impacted is small, we take any threat to security seriously and are redoubling our efforts to combat the scam." The attacks, known as 419 scams, involve a fraudster accessing Facebook accounts and posing as the account owner.
(Source: Telegraph)

Tuesday, October 06, 2009
Microsoft blocked access to thousands of Hotmail accounts in response to hackers plundering password information and posting it online.
Cyber-crooks evidently used "phishing" tactics to dupe users of Microsoft's free Web-based email service into revealing account and access information, according to the US technology giant. Phishing is an Internet bane and involves using what hackers refer to as "social engineering" to trick people into revealing information online or downloading malicious software onto computers.
(Source: AFP)
In a somewhat unusual data breach, hackers recently stole the login credentials of an unknown number of customers of payroll processing company PayChoice Inc., and then attempted to use the data to steal additional information directly from the customers themselves.
Hackers broke into the site and managed to access the real legal name, username and the partially masked passwords used by customers to log into the site. They then used the information to send very realistic looking phishing e-mails to PayChoice's customers directing them to download a Web browser plug-in to be able to continue using the onlineemployer.com service.
(Source: ComputerWorld)

Friday, October 02, 2009
US Homeland Security Secretary Janet Napolitano said Thursday that her department has received the green light to hire up to 1,000 cybersecurity experts over the next three years.
Kicking off "National Cybersecurity Awareness Month," she said the new recruits would "help fulfill the department's broad mission to protect the nation's cyber infrastructure, systems and networks." "Effective cybersecurity requires all partners -- individuals, communities, government entities and the private sector -- to work together to protect our networks and strengthen our cyber resiliency," Napolitano said.
(Source: AFP)

Thursday, October 01, 2009
A long-time critic of the video game industry has sued Facebook for US$40 million, saying that the social networking site harmed him by not removing angry postings made by Facebook gamers.
Thompson is best known for bringing suit against Grand Theft Auto's Take Two Interactive, Sony Computer Entertainment America, and Wal-Mart, arguing that the game caused violent behavior. In a 2005 episode of CBS's 60 Minutes, Thompson likened the popular video game to a "murder simulator" and blamed it for the 2003 shooting deaths of two police officers and a 911 dispatcher in Fayette, Alabama.
(Source: PCWorld)
It's your birthday. And thanks to your Facebook profile, everybody knows that. Your wall fills up with well wishes from hundreds of "friends." Sure, it's nice to be noticed. But security experts are skeptical about whether sharing information, such as birthdays, with a broad audience is a bright idea. "It's all about providing the bad guy with intelligence," said Robert Siciliano, CEO of IDtheftsecurity.com.
Many people use their birthdate in passwords and personal identification numbers, and security questions often ask for it to resend a lost password. So broadcasting a birthdate could help cybercriminals pose as others as they log on to various Web sites, experts warned.
(Source: CNN)

Wednesday, September 30, 2009
Cybersecurity researchers often scare the IT world with tales of brilliant and devious hacks: encryption cracking techniques, wi-fi booby-traps and undetected vulnerability data sold on the black market. But the most common path cybercriminals use to gain access to victims' PCs today, according to a new report, is far more mundane: buggy software that users and IT administrators fail to patch for months, long after fixes are publicly available.
The study to be released Tuesday by the security-focused SANS Institute states that the cybersecurity community is facing an epidemic of unpatched software, particularly widely used applications like Adobe Flash, Java and Microsoft programs like Word and PowerPoint.
(Source: Forbes)
Microsoft on Tuesday began serving up scam warnings with Bing search results for topics such as fixing credit scores or rescue from home foreclosure that are prime material for online cons.
Microsoft worked with the US Federal Trade Commission (FTC), Postal Inspection Service, and Western Union to provide public service announcements (PSAs) in the form of advertising posted on relevant Bing results pages. Targeted in the campaign are key words related to searches for information about foreclosure rescue offers, promises to fix credit problems, and "lottery scams" in which people are told they've won prizes but must pay to collect.
(Source: AFP)

Tuesday, September 29, 2009
Web surfing is no longer a solo affair. Facebook, Twitter, and other social networks have quickly become an integral part of the online culture, and with them comes a whole new array of potential security threats.
Social networking is built on the idea of sharing information openly and fostering a sense of community. Unfortunately, an online network of individuals actively sharing their experiences and seeking connections with other like-minded people can be easy prey for hackers bent on social-engineering and phishing attacks. It's important to be aware of the threats, and to maintain a healthy skepticism in your online interactions.
(Source: ComputerWorld)
The US Secret Service is trying to identify the people who launched an online poll at Facebook asking whether US President Barack Obama should be assassinated. Facebook on Monday shut down the user-generated poll, which was titled "Should Obama be killed?" and offered answer choices of yes, no, maybe, and "If he cuts my health care."
"Once we found out about it, we worked with Facebook to have it removed," Secret Service spokesman Malcolm Wiley told AFP. "We are certainly investigating; just like we would with any threat case." More than 750 Facebook users had reportedly cast votes by the time the poll was yanked from the wildly popular online social networking community.
(Source: AFP)

Monday, September 28, 2009
A network of Russian malware writers and spammers paid hackers 43 cents for each Mac machine they infected with bogus video software, a sign that Macs have become attack targets, a security researcher said yesterday.
In a presentation Thursday at the Virus Bulletin 2009 security conference in Geneva, Switzerland, Sophos researcher Dmitry Samosseiko discussed his investigation of the Russian "Partnerka," a tangled collection of Web affiliates who rake in hundreds of thousands of dollars from spam and malware, most of the former related to phony drug sites, and much of the latter targeting Windows users with fake security software, or "scareware."
(Source: ComputerWorld)
Next time you're recovering from a trip to the emergency room, keep an eye on the young doctors tending to you. They might be chatting about your case on Twitter, Facebook, YouTube, and blogs.
A survey of medical schools published in the Journal of the American Medical Association found that 13 percent of respondents reported breaches of doctor-patient confidentiality, and 60 percent reported "unprofessional content" posted online.
(Source: PCWorld)

Friday, September 25, 2009
Many major social networking sites are leaking information that allows third party advertising and tracking companies to associate the Web browsing habits of users with a specific person, researchers warn.
That's the conclusion of a study on the leakage of personally identifiable information on social networks done at AT&T Labs and the Worcester Polytechnic Institute. "In some cases, the leakage may be unintentional, but in others, there is clever and surreptitious anti-privacy engineering at work," the EFF said.
(Source: ComputerWorld)
They were crimes born of the Internet age -- romantic solicitations on popular Web site Craigslist that police say led to the fatal shooting of one woman and the robbery of another in Boston hotels this past spring. And it was high-tech, 21st-century sleuthing, along with some old-fashioned gumshoe detective work, that put police on the trail toward a suspect and eventually an arrest.
CNN looks at how technology was used to lead police to 23-year-old medical student Philip Markoff, who has been indicted on seven counts, including first-degree murder. Investigators knew they had crimes born of the Internet on their hands, but how were they able to use that same technology to help them find a suspect who went to great lengths to hide his tracks?
(Source: CNN)

Thursday, September 24, 2009
Scammers are increasingly using machine-generated Twitter accounts to post messages about trendy topics, and tempt users into clicking on a link that leads to servers hosting fake Windows antivirus software, security researchers said Monday.
The latest Twitter attacks originated with malicious accounts cranked out by software, said experts at both F-Secure and Sophos. The accounts, which use variable account and user names, supposedly represent U.S. Twitter users. In some cases, the background wallpaper is customized for each account, yet another tactic to make the unwary think that a real person is responsible for the content.
(Source: ComputerWorld)
Teens and texting is a subject that's often discussed in pathological terms. They're texting in class! They're sexting! They need thumb therapy! But texting isn't always bad. In some families, it's become a primary form of communication between parents and children. In fact, one of my favorite texts from kids is the earth-shattering query "Wuz4dina?"
Psychologist Thomas W. Phelan says one of the biggest problems with teens is getting them to communicate at all, so if they're willing to text their parents, we should embrace the trend. "Instead of seeing the whole text thing as an enemy, see it as an ally."
(Source: AP)

Tuesday, September 22, 2009
Decades of war and occupation have not provided an answer to that question -- but the social networking Web site now permits both options, sparking fears about an anti-Facebook cyber-war. The Golan Heights is Syrian territory that was captured by Israel during the Six-Day War in 1967. Since then it has been internationally classified as Israeli-occupied territory.
Up until recently, Facebook fans in the Golan Heights could only choose Syria as their country of origin or else leave it blank. Pro-Israel Web site honestreporting.com sought to change that, starting a group called "Facebook, Golan residents live in Israel, not Syria."
(Source: CNN)
Full story
CNN
A new botnet has caused a sharp spike in click fraud because it is skirting the most sophisticated filters of search engines, Web publishers and ad networks, according to Click Forensics. The company, which provides services to monitor ad campaigns for click fraud and reports on click fraud incidence every quarter, said on Thursday that the botnet's architects have figured out a way to mask it particularly well as legitimate search ad traffic.
Click Forensics is calling this the "Bahama botnet" because it was initially redirecting traffic through 200,000 parked domains in the Bahamas, although it is now using sites in Amsterdam, the U.K. and Silicon Valley.
(Source: ComputerWorld)
Full story
ComputerWorld

Monday, September 21, 2009
Federal Communications Commission Chairman Julius Genachowski is expected to outline network-neutrality proposals on Monday, according to Reuters. The proposals could become rules at the FCC's October meeting.
Neutrality advocates want Internet service providers barred from blocking or slowing Internet traffic based on content. ISPs, including AT&T, Verizon Communications, and Comcast, say growing traffic needs to be managed, and they contend that neutrality could stifle innovation.
(Source: NewsFactor)
Full story
NewsFactor
Microsoft filed lawsuits against five companies Thursday, accusing them of using malicious advertisements to trick victims into installing software on their computers.
Typically, when a scareware ad pops up on a victim's screen, it looks like a Windows utility running some kind of security scan. It will then warn that it has found a critical security problem and direct the victim to a Web site where they can buy a product to fix the issue. DirectAd Solutions, Soft Solutions, qiweroqw.com, ote2008.info and ITmeter have used ads to "distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users".
(Source: ComputerWorld)
Full story
ComputerWorld

Thursday, September 17, 2009
In the economic downturn, teenagers around the world have focused their spending cuts on clothes, games and food, according to a survey by networking site Habbo Hotel.
The survey of 61,000 teenagers in more than 30 countries showed one teenager out of three is getting less money from their parents, with more than half of youngsters getting less to spend in the United States, Spain and Latin America. Some 19 percent of youngsters globally say the recession has most hurt their spending on console and computer games -- the industry for which teenagers are a key client group.
(Source: Reuters)
Full story
Reuters
With many who bank online now wary of phishing attacks, criminals are adding fake live-chat support windows to their Web sites to make them seem more real. RSA Security spotted the first ever of these "chat-in-the-middle" attacks in the past few hours, according to Sean Brady, a manager with the security company's identity protection and verification group.
The phishers send e-mails that direct victims to a fake Web page designed to look like a banking site. That's a standard technique, but what's different in this case is that the phishing site comes with a fake online chat option, so that scammers can talk directly with their victims.
(Source: PCWorld)
Full story
PCWorld

Wednesday, September 16, 2009
The French National Assembly has passed a draft law that would allow illegal downloaders to be thrown off the net. The law was narrowly passed by 285 votes to 225.
The French hard-line policy on piracy has drawn worldwide attention as nations around the globe grapple with the issue of piracy. The ruling majority UMP voted in favour but the Socialist Party has already announced that they will appeal to the Constitutional Court once again. The Constitutional Court insisted that a judge rather than a high authority had to rule on the issue of whether to disconnect users.
(Source: BBC)
Full story
BBC
As millions of students across the world go back to school this month, 178 students from 49 countries will turn on their computers and step onto the virtual campus of the world's first global, tuition-free online university.
"Our mission is to change people's lives." Called University of the People, the non-profit comes from Israeli entrepreneur Shai Reshef who says he founded the school to provide higher education to those who might otherwise never have access to it. "We are creating a global classroom for science and allowing people to freely collaborate. We want to put high quality teaching and learning materials into the hands of anybody and everybody who wants to become a scientist."
(Source: CNN)
Full story
CNN

Tuesday, September 15, 2009
A computer hacker who was once a federal informant and was a driving force behind one of the largest cases of identity theft in U.S. history pleaded guilty Friday in a deal with prosecutors that will send him to prison for up to 25 years.
Albert Gonzalez, 28, of Miami, admitted pulling off some of the most prominent hacking jobs of the decade. Federal authorities say tens of millions of credit and debit card numbers were stolen. Gonzalez entered guilty pleas in U.S. District Court in Boston to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft.
(Source: AP)
Full story
AP

Monday, September 14, 2009
Cyber criminals are taking advantage of swine flu fears with e-mails promising news on the illness which then infect computers with a virus, a Spanish computer security firm warned Friday.
The e-mails invite recipients to open a document with information claiming the H1N1 flu virus was developed by pharmaceutical firms seeking to make huge profits from the outbreak, Panda Security said in a statement. But if the document is opened, a virus is installed on the person's computer which can steal personal information like bank account data.
(Source: AFP)
Full story
AFP
South Korea plans to train 3,000 "cyber sheriffs" by next year to protect businesses after a spate of attacks on state and private websites, a report said Sunday. The "cyber sheriffs" would be tasked with "protecting corporate information and preventing the leaks of industrial secrets," Yonhap news agency said.
In the event of cyber attacks, the National Intelligence Service, the country's main spy agency, would set up a taskforce including civilian and government experts to counter the online threats, it added. The country already has a military cyber unit. South Korea, where 95 percent of homes have broadband, is among the top countries in terms of access to the high-speed Internet.
(Source: AFP)
Full story
AFP

Friday, September 11, 2009
A third of Web users under 25 claim they don't care about their "digital tattoo" and the items they post online, says Symantec. Symantec said a "digital tattoo" is created by all the personal information web users post online and can easily be found through search engines by a potential or current employer, friends and acquaintances, or anyone who has malicious intent.
The security firm revealed that nearly two-thirds of all those surveyed had uploaded personal photographs, while 79 percent had at least part of their address online and nearly half had their mobile phone numbers online.
(Source: PCWorld)
Full story
PCWorld
In communist Cuba, where only state media exist locally, a vibrant blogger culture has emerged as a venue for critical commentary, a leading journalists' rights group said Thursday. "Despite vast legal and technical obstacles, a growing number of Cuban bloggers have prevailed over the regime's tight Internet restrictions to disseminate island news and views online," said a report from the New-York based Committee to Protect Journalists (CPJ).
"The bloggers, mainly young adults from a variety of professions, have opened a new space for free expression in Cuba, while offering a fresh glimmer of hope for the rebirth of independent ideas in Cuba's closed system."
(Source: AFP)
Full story
AFP

Thursday, September 10, 2009
By selling an array of virtual products from avatar clothes to e-furniture, Asia's social networking sites appear to have solved the conundrum of how to leverage big profits from their extensive user bases.
Chinese university student Tan Shengrong spends about 20 yuan ($2.90) per month purchasing outfits for her pet penguin avatar or playing games on QQ, an instant message portal on Qzone, China's most popular social networking site. It might not seem like a hefty sum, but every fen, or cent, is money in the bank for Tencent Holdings, which owns Qzone and saw an 85 percent increase in its second quarter net profit this year compared to 2008 despite the economic downturn.
(Source: Reuters)
Full story
Reuters
Hong Kong is under siege from legions of "zombies" attacking people with spam and leaving in their wake a trail of destruction costing millions of dollars a year, analysts have warned.
There are an estimated 4,000 zombies active in Hong Kong and their criminal puppet masters use them to fire off thousands of messages offering products ranging from jewellery to pornography. According to the 2008 Annual Security Report by Internet security firm MessageLabs 81.3 percent of emails sent to Hong Kong computer users last year were spam, more than in any other territory or country in the world.
(Source: INQUIRER)
Full story
INQUIRER

Wednesday, September 09, 2009
Anonymous hackers have attacked a Taiwan film festival over plans to screen a documentary on the US-based leader of China's predominantly Muslim Uighur minority, festival organisers said Tuesday. A message, posted on a blog run by one of the organisers of the Kaohsiung Film Festival, blamed Rebiya Kadeer for recent bloody unrest in northwest China's Xinjiang region, which is home to the Turkic-speaking Uighurs.
The film festival, which takes place in Taiwan's second largest city Kaohsiung, is scheduled to show "Ten Conditions of Love" on World Uighur Congress leader Kadeer in October.
(Source: INQUIRER)
Full story
INQUIRER
President Barack Obama warned American teenagers on Tuesday of the dangers of putting too much personal information on Internet social networking sites, saying it could come back to haunt them in later life. "Well, let me give you some very practical tips. First of all, I want everybody here to be careful about what you post on Facebook, because in the YouTube age, whatever you do, it will be pulled up again later somewhere in your life," Obama said.
The presidential words of advice follow recent studies that suggest U.S. employers are increasingly turning to sites such as Facebook and News Corp's MySpace to conduct background checks on job applicants.
(Source: Reuters)
Full story
Reuters

Tuesday, September 08, 2009
Web sites that collect information about visitors in order to target advertising on their own pages would be required to prominently disclose what information they gather. Web sites that share user information with outside advertising networks, which place ads on sites all over the Internet, would be required to obtain user approval before collecting data. Web sites that deal with sensitive personal information, such as medical and financial data, sexual orientation, Social Security numbers and other ID numbers, would be subject to the opt-in rule.
Rep. Rick Boucher, chairman of the House Energy and Commerce Subcommittee on Communications, Technology and the Internet, hopes to introduce a bill governing Internet advertising.
(Source: AP)
Full story
AP
Parents who install a leading brand of software to monitor their kids' online activities may be unwittingly allowing the company to read their children's chat messages - and sell the marketing data gathered.
Software sold under the Sentry and FamilySafe brands can read private chats conducted through Yahoo, MSN, AOL and other services, and send back data on what kids are saying about such things as movies, music or video games. The information is then offered to businesses seeking ways to tailor their marketing messages to kids.
(Source: AP)
Full story
AP

Monday, September 07, 2009
China approved of Google's efforts to filter porn from search results on its China portal following state-led criticism of the links, the former head of Google China said Sunday.
Google.cn has long filtered out some results for sensitive searches. The search engine displays a notice that some results have been filtered for search terms such as "Tiananmen," the square in Beijing around which soldiers killed hundreds to disperse a student democracy protest in 1989, or for the names of major political leaders. The search engine currently displays no search results at all for "Xu Zhiyong," the name of a human rights lawyer recently detained for about one month. The results screen says the search "may touch on content that does not conform with the related laws, regulations and policies."
(Source: PCWorld)
Full story
PCWorld
In an age in which instant news and constant life streams from Facebook and Twitter change the way we communicate, the rules of etiquette surrounding these interactions are still evolving. What happens when I expected a phone call about something and read about it in a status update instead? What's the polite response to a distant friend posting bad news on Facebook? What to do with sensitive information?
Good etiquette on Facebook might not apply on Twitter or in an e-mail. These days, milestones like marriage, pregnancy, breakups and divorce are being described over more forms of communications than ever. "Because it's so new, there is sort of a gray area of what the manners are."
(Source: AP)
Full story
AP

Friday, September 04, 2009
Facebook warned Thursday that members who buy "friends" from an Australian online marketing company could face banishment from the social network. The Brisbane-based firm, uSocial.net, offered this week to sell a Facebook user 1,000 friends for 177 dollars and 5,000 friends -- on a standard profile account -- for 654 dollars. uSocial caused a stir earlier this year with a similar offer to users of popular micro-blogging service Twitter seeking to increase their number of followers.
Facebook fired back against uSocial on Thursday and issued a reminder that it was against its terms of service for a user to access an account belonging to someone else or to share a password.
(Source: AFP)
Full story
AFP
Ben Alexander spent nearly every waking minute playing the video game "World of Warcraft." As a result, he flunked out of the University of Iowa. He needed help to break an addiction he calls as destructive as alcohol or drugs.
Internet addiction is not recognized as a separate disorder by the American Psychiatric Association, and treatment is not generally covered by insurance. But there are many such treatment centers in China, South Korea and Taiwan - where Internet addiction is taken very seriously - and many psychiatric experts say it is clear that Internet addiction is real and harmful.
(Source: AP)
Full story
AP

Thursday, September 03, 2009
A coalition of 10 U.S. privacy and consumer groups has called for new federal privacy protections for Web users, including a requirement that Web sites and advertising networks get opt-in permission from individuals within 24 hours of collecting personal data and tracking online habits.
In a broad set of new recommendations for privacy regulations released Tuesday, the groups also called on the U.S. Congress to prohibit Web sites and ad networks from collecting behavioral information about children under age 18, whenever it's possible to distinguish the age of the Web user, and to require that online businesses inform consumers about the purpose of the information collection.
(Source: ComputerWorld)
Full story
ComputerWorld
Google said Tuesday's widespread Gmail outage occurred when the company took some servers offline to perform routine maintenance, causing its remaining routers to become overloaded with traffic. "We know how many people rely on Gmail for personal and professional communications, and we take it very seriously when there's a problem with the service," wrote Ben Treynor, a Google vice president of engineering.
Gmail's problems were a top trending topic on Twitter, with users trading updates and posting links to blogs such as Mashable, which published a post called, "5 Things to Do While Gmail is Down." (No. 1: "Immediately flood Twitter with tweets alternately proclaiming 'Gmail is down!' and inquiring 'Is Gmail down?' ")
(Source: CNN)
Full story
CNN

Wednesday, September 02, 2009
Federal judge George Wu officially overturned the conviction of Lori Drew, who was convicted of cyberbullying 13-year-old Megan Meier to suicide. That conviction was based on the federal Computer Fraud and Abuse Act (CFAA), which makes it a crime to intentionally access a computer system with intent to commit a crime or tort.
At trial, the jury found Drew guilty of misdemeanor violations of the CFAA based on the theory that accessing MySpace with intent to harass Meier was an unauthorized access of an interstate computer.
(Source: ZDNet)
Full story
ZDNet

Tuesday, September 01, 2009
This is a story about love and Twitter, hope and the relative safety of a Walmart parking lot. Six months ago, Brianna Karp found herself living in an old truck and camper she inherited after the suicide of a father she barely knew.
She wrote as a way to stay in touch with the world. Soon, other homeless people were leaving comments on her blog, telling their stories and cheering her on. "I was definitely surprised just how many homeless and former homeless people are online and using social media to seek opportunities," Karp said. She blogged from Starbucks while she continued to search for work, buying $5 cards each month that entitled her to sip coffee and soak up unlimited Wi-Fi.
(Source: AP)
Full story
AP
If Google Inc. digitizes the world's books, how will it keep track of what you read? That's one of the unanswered questions that librarians and privacy experts are grappling with as Google attempts to settle a long-running lawsuit by publishers and copyright holders and move ahead with its effort to digitize millions of books, known as the Google Books Library Project.
Librarians and the online world have different standards for dealing with user information. Many libraries routinely delete borrower information, and organizations such as the American Library Association have fought hard to preserve the privacy of their patrons.
(Source: ComputerWorld)
Full story
ComputerWorld

Monday, August 31, 2009
Facebook has agreed to make worldwide changes to its privacy policy as a result of negotiations with Canada's privacy commissioner. Last month the social network was found to breach Canadian law by holding on to users' personal data indefinitely.
It will also make it clear that users can deactivate or delete their account. "These changes mean that the privacy of 200 million Facebook users in Canada and around the world will be far better protected," said Canadian privacy commissioner Jennifer Stoddart.
(Source: BBC)
Full story
BBC
There's still plenty of room for innovation today, yet the openness fostering it may be eroding. While the Internet is more widely available and faster than ever, artificial barriers threaten to constrict its growth. Call it a mid-life crisis. A variety of factors are to blame. Spam and hacking attacks force network operators to erect security firewalls.
"There is more freedom for the typical Internet user to play, to communicate, to shop — more opportunities than ever before," said Jonathan Zittrain, a law professor and co-founder of Harvard's Berkman Center for Internet & Society. "On the worrisome side, there are some longer-term trends that are making it much more possible (for information) to be controlled."
(Source: AP)
Full story
AP

Friday, August 28, 2009
Users of social networking sites such as Facebook and Twitter could face higher insurance premiums because burglars may be using them to find out their personal details. The Digital Criminal report, which polled 2,000 social network users, found nearly two fifths had posted details of their holiday plans, with nearly two thirds of 16-24 year-olds doing so.
"I call it 'internet shopping for burglars'. It is incredibly easy to use social networking sites to target people, and then scope out more information on their actual home using other internet sites like Google Street View, all from the comfort of the sofa."
(Source: Telegraph)
Full story
Telegraph
A vulnerability in Twitter Inc.'s popular microblogging service remains unfixed and can be used by criminals to hijack accounts or redirect users to malicious Web sites, a developer claimed today. The cross-site scripting bug in Twitter allows hackers to insert malicious JavaScript into tweets simply by adding code to a field of an API used by third-party Twitter application developers.
Slater, a software developer and U.K.-based search optimization specialist, recommended that, until Twitter patches the vulnerability, users stop following any Twitterers they don't personally know or trust. "Who's to say they're not already stealing your details? If you don't see their tweets, they can't harm you."
(Source: ComputerWorld)
Full story
ComputerWorld
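The bug described above boils down to an API-supplied field being written into page HTML without escaping. As an added illustration (not code from the article, from Twitter, or from the developer quoted), the following contrasts that vulnerable rendering shape with an escaped one and includes a check that reports any tag the template did not emit; the field name, the sample values and the inert script body are all constructed.

```python
import html
import re

# Constructed sample values (hypothetical field name: the client "source" label a
# third-party application supplies through the API). The script body is inert and
# only marks where injected markup would land; it is not a real payload.
UNTRUSTED_SOURCE = 'MyClient<script>window.injected = 1</script>'
SAFE_SOURCE = 'Tweetie for Mac'

# Tags the page template itself emits; any other tag in the output is a sign that
# untrusted data reached the HTML unescaped.
TEMPLATE_TAGS = frozenset({'p', 'span'})

_TAG_RE = re.compile(r'<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)[^>]*>')


def render_tweet_vulnerable(text: str, source: str) -> str:
    """Vulnerable shape: the API-supplied field is concatenated straight into HTML."""
    return f'<p class="tweet">{text} <span class="source">from {source}</span></p>'


def render_tweet_hardened(text: str, source: str) -> str:
    """Hardened: every untrusted value is HTML-escaped at the output boundary."""
    return (f'<p class="tweet">{html.escape(text, quote=True)} '
            f'<span class="source">from {html.escape(source, quote=True)}</span></p>')


def foreign_tags(rendered: str) -> list:
    """Check usable in a test or a response filter: tag names present in the rendered
    HTML that the template did not put there (an empty list means nothing leaked)."""
    return [m.group(1).lower() for m in _TAG_RE.finditer(rendered)
            if m.group(1).lower() not in TEMPLATE_TAGS]


if __name__ == '__main__':
    bad = render_tweet_vulnerable('hello', UNTRUSTED_SOURCE)
    good = render_tweet_hardened('hello', UNTRUSTED_SOURCE)
    print('vulnerable leaks:', foreign_tags(bad))   # ['script', 'script']
    print('hardened leaks:  ', foreign_tags(good))  # []
```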

Thursday, August 27, 2009
Internet service providers (ISPs) have reacted with anger to new proposals on how to tackle internet piracy. The government is proposing a tougher stance which would include cutting off repeat offenders from the net.
TalkTalk's director of regulation Andrew Heaney said that the ISP was as keen as anyone to clamp down on illegal file-sharers. "This is best done by making sure there are legal alternatives and educating people, writing letters to alleged file-sharers and, if necessary, taking them to court. But disconnecting alleged offenders will be futile given that it is relatively easy for determined file-sharers to mask their identity or their activity to avoid detection," he added.
(Source: BBC)
Full story
BBC
Users of social networks are concerned about security but few are taking the steps necessary to protect themselves against online crime, according to a survey released on Wednesday.
Nearly 20 percent of those surveyed said they have experienced identity theft, 47 percent have been victims of malware infections and 55 percent have seen "phishing" attacks, in which hackers seek to capture password information. They also suggested that passwords be changed at least once a month and that friends or coworkers not be allowed to access one's personal computer.
(Source: AFP)
Full story
AFP

Wednesday, August 26, 2009
Fans searching for "Jessica Biel" or "Jessica Biel downloads," "Jessica Biel wallpaper," "Jessica Biel screen savers," "Jessica Biel photos," and "Jessica Biel videos" have a one in five chance of landing at a Web site that has tested positive for online threats such as spyware, adware, spam, phishing, viruses and other malware. McAfee's conclusion: Searching for the latest celebrity news and downloads can cause serious damage to personal computers.
"Consumers' obsession with celebrity news and culture is harmless in theory, but one bad download can cause a lot of damage to a computer."
(Source: NewsFactor)
Full story
NewsFactor
Internet criminals might be rethinking a favorite scam for stealing people's personal information. A report being released Wednesday by IBM Corp. shows a big drop in the volume of "phishing" e-mails, in which fraud artists send what looks like a legitimate message from a bank or some other company. If the recipients click on a link in a phishing e-mail, they land on a rogue Web site that captures their passwords, account numbers or any other information they might enter.
To protect yourself against phishing, access sensitive sites on your own, rather than by following links in e-mails, which might lead to phishing sites.
(Source: AP)
Full story
AP

Tuesday, August 25, 2009
The average gamer, far from being a teen, is actually a 35-year-old man who is overweight, aggressive, introverted — and often depressed, according to a report out this week from the Centers for Disease Control and Prevention (CDC). The study also shows that when children and teenagers become game players, a trend toward physical inactivity and corresponding health problems extends -- and is exacerbated -- into adulthood.
"Among researchers, there is growing concern and uncertainty about the health consequences of video game playing," the CDC reported.
(Source: ComputerWorld)
Full story
ComputerWorld
The German government warned job-seekers Friday to avoid posting potentially compromising pictures or remarks on social networking sites such as Facebook, citing a study about their use by employers. Consumer affairs minister Ilse Aigner "calls on citizens who use the Internet often to think about what they put online," a spokeswoman for her ministry told a regular government news conference.
Of the around 500 German companies polled, 28 percent searched for information about their would-be employees' hobbies, political opinions and personal lives.
(Source: AFP)
Full story
AFP

Monday, August 24, 2009
Albert Gonzalez, the man described by federal authorities as the kingpin of a gang responsible for stealing more than 130 million payment cards, is a computer addict constantly looking for ways to challenge his abilities, according to his lawyer. He has had an unhealthy obsession with computers since the age of 8. "He was self-taught. He didn't go out in the sandbox or play baseball. The computer was his best friend."
"It wasn't healthy. It's a sickness. It's a problem that has not been addressed in our society."
(Source: ComputerWorld)
Full story
ComputerWorld

Friday, August 21, 2009
The first US retreat for Internet addicts has opened its doors, welcoming a teenager who was captive to the World of Warcraft online role-playing video game. The 19-year-old went from pursuing quests in Azeroth to bottle-feeding baby goats and building a chicken coop as part of the reStart Internet Addiction Recovery Program at a rural five-acre spread in the state of Washington.
"It is about helping people addicted to technology get through the withdrawal and help their brains get wired back to normal and connected to the world in a positive way. Games are really designed to keep people hooked. Those that stay hooked are people really vulnerable for whom the world is painful or scary."
(Source: AFP)
Full story
AFP
Facebook, for better or worse, is like being at a big party with all your friends, family, acquaintances and co-workers. There are lots of fun, interesting people you're happy to talk to when they stroll up.
Sure, Facebook can be a great tool for keeping up with folks who are important to you. But far more posts read like navel-gazing diary entries, or worse, spam. A recent study categorized 40 percent of Twitter tweets as "pointless babble," and it wouldn't be surprising if updates on Facebook, still a fast-growing social network, break down in a similar way. Here are 12 of the most annoying types of Facebook users:
(Source: CNN)
Full story
CNN

Thursday, August 20, 2009
A Canadian model has won a landmark case in a New York court after Google was forced to disclose the online identity of a blogger who anonymously posted derogatory comments about the Vogue covergirl. The ruling came after Liskula Cohen, 36, filed suit in a bid to unmask the identity of her tormentor, who posted suggestive photographs of Cohen on the blog and described her as a "ho" and a "psychotic, lying, whoring... skank."
Google said that while the company does not tolerate "cyber bullying" it is also respectful of privacy. "We sympathize with anyone who may be the victim of cyber bullying."
(Source: AFP)
Full story
AFP
The clock is ticking, people are dying and a flu virus is sweeping the globe -- that is the scenario of a new computer game designed to make people think about how to respond to the swine flu pandemic. In "The Great Flu", players must choose whether or not to stockpile anti-viral drugs and deploy research teams to new areas of outbreak as the number of infections and deaths rises and more countries are affected.
"The game is very realistic and has an educational value. It informs people how the virus spreads, what the flu is and on the ways to fight the pandemic."
(Source: AFP)
Full story
AFP

Wednesday, August 19, 2009
A 14-year-old boy was in critical condition in hospital with kidney failure after repeated beatings at an Internet rehabilitation camp in southwest China, state media said Wednesday. The incident in Sichuan province took place just weeks after another teenage boy was beaten to death at a similar rehabilitation centre in the south of the country where his parents had sent him to cure his Internet addiction.
China has 10 million teenage web addicts, the China Daily said, citing data from the China Youth Internet Association. The association said last week that there are at least 400 private Internet rehabilitation clinics nationwide.
(Source: AFP)
Full story
AFP
US prosecutors have charged a man with stealing data relating to 130 million credit and debit cards. Officials say it is the biggest case of identity theft in American history.
They say Albert Gonzalez, 28, and two unnamed Russian co-conspirators hacked into the payment systems of retailers, including the 7-Eleven chain. Prosecutors say they aimed to sell the data on. If convicted, Mr Gonzalez faces up to 20 years in jail for wire fraud and five years for conspiracy.
(Source: BBC)
Full story
BBC

Tuesday, August 18, 2009
The cyberattacks against Georgia a year ago were conducted in close connection with Russian criminal gangs, and the attackers likely were tipped off about Russia's intent to invade the country, according to a new technical analysis, much of which remains secret. The stunning conclusions come from the U.S. Cyber Consequences Unit, an independent nonprofit research institute that assesses the impact of cyber attacks.
Bombers struck targets throughout the country, and at the same time Georgian media and government sites fell under DDOS attack.
(Source: ComputerWorld)
Full story
ComputerWorld
A new hacking incident report warns there has been a steep rise in attacks at social-networking hotspots including wildly popular microblogging service Twitter. Hackers aren't just hunting for victims in the flocks of people at social networks, they're also using Twitter to command "botnet" armies of infected computers, according to Internet security specialists.
"A lot of Web 2.0 widgets, mashups and the like that users go for make it easy for all these guys to launch attacks." Facebook became an Internet star after opening its platform to widgets, mini-applications made by outside developers, and now boasts more than 250 million members.
(Source: AFP)
Full story
AFP

Monday, August 17, 2009
The Twitter micro-blogging service was knocked offline this morning for several hours as a result of a distributed denial-of-service (DDoS) attack. Twitter has confirmed and reported the attack in a post on its official blog earlier today: "We are defending against this [DDoS] attack now and will continue to update our status blog as we continue to defend and later investigate." The company later reported that the service has been resumed but that it is still continuing to defend against and recover from this attack. No further updates have been provided yet. Several sources are also reporting problems with Facebook today.
(Source: CircleID)
Full story
CircleID
A researcher looking into the attacks that knocked Twitter offline last week discovered another, unrelated security problem. At least one criminal was using a Twitter account to control a network of a couple hundred infected personal computers, mostly in Brazil.
Networks of infected PCs are referred to as "botnets" and are responsible for much of the mayhem online, from identity theft to spamming to the types of attacks that crippled Twitter. The Twitter account in question was used to send out what looked like garbled messages, but they were actually commands for computers in the botnet to visit malicious Web sites, where they download programs that steal banking passwords.
(Source: AP)
Full story
AP

Friday, August 14, 2009
Foreign pornography producers are suing South Korean Internet users for breach of copyright by uploading their content onto local websites, police said Thursday. In an unusual case, a local law firm representing 50 US and Japanese porn producers has filed suit against about 10,000 heavy uploaders.
The lawsuit was filed simultaneously through 10 police stations in Seoul and the adjoining Gyeonggi province, a National Police Agency spokesman said, refusing to give details. "We selected about 10,000 user IDs that earned financial benefits from habitually uploading pornography on websites," an official of the unidentified law firm told local media.
(Source: AFP)
Full story
AFP
Children are using the Internet to watch YouTube videos, connect with friends on social network sites and look up "sex" and "porn", according to a study of the top Web searches by youngsters. The words "sex" and "porn" also made it into the top 10, ranked numbers four and six respectively.
"It also helps identify "teachable moments" when parents should be talking with their kids about appropriate online behavior and other issues in their kids' online lives," California-based Symantec's Internet safety advocate Marian Merritt said in a statement.
(Source: Reuters)
Full story
Reuters

Thursday, August 13, 2009
The investigation into the attacks against high-profile Web sites in South Korea and the U.S. is a winding, twisty electronic goose chase that may not result in a definitive conclusion on the identity of the attackers.
Computer security experts disagree over the skill level of the DDOS (distributed denial-of-service) attacks, which over the course of a few days in early July caused problems for some of the Web sites targeted, including South Korean banks, U.S. government agencies and media outlets. The DDOS attack was executed by a botnet, or a group of computers infected with malicious software controlled by a hacker. That malware was programmed to attack the Web sites by bombarding them with page requests that far exceed normal visitor traffic. As a result, some of the weaker sites buckled.
(Source: ComputerWorld)
Full story
ComputerWorld
Fraudsters are taking advantage of the widely used but obscure Automated Clearing House (ACH) Network in order to pull off their attacks. This financial network is used by financial institutions to handle direct deposits, checks, bill payments and cash transfers between businesses and individuals.
The fraud typically starts with a targeted phishing e-mail, aimed at whoever is in charge of the company's checkbook. By tricking the victim into running software, opening a harmful attachment or visiting a malicious Web site, the criminals are able to install keylogging software and steal bank account passwords.
(Source: ComputerWorld)
Full story
ComputerWorld

Wednesday, August 12, 2009
A growing number of South Korean companies are opening Twitter accounts to better connect with consumers and generate buzz for their products. However, industrial heavyweights such as Samsung Electronics, Hyundai Motor, SK Group and Lotte Group are not among them. Should they decide to join the 140-word Web phenomenon, they will have to acknowledge that they will be unable to use their own corporate brands.
A Twitter account created under Samsung's name is currently suspended by the Internet company due to "strange activity," which could mean anything from service violations to technical abuse to spam distribution.
(Source: The Korea Times)
Full story
The Korea Times
Worried that your relationship is going south? Maybe it's time to get off Facebook. A study released by the University of Guelph in Ontario shows that the Facebook social network increases jealousy in users' romantic relationships. The study, which was published in the latest issue of CyberPsychology and Behaviour, concluded that the more time people spend on Facebook, the more jealous they get.
"This may include details about their partner's friendships and social exchanges, especially interactions with previous romantic or sexual partners." The simple availability of information -- whether it's a girlfriend's posts, or photos and details about her friends and exes -- seems to increase a person's desire to search for even more information, say researchers.
(Source: ComputerWorld)
Full story
ComputerWorld

Tuesday, August 11, 2009
The outage that knocked Twitter offline for hours was traced to an attack on a lone blogger in the former Soviet republic of Georgia - but the collateral damage that left millions around the world tweetless showed just how much havoc an isolated cyberdispute can cause.
"It told us how quickly many people really took Twitter into their hearts," Robert Thompson, director of the Center for the Study of Popular Television at Syracuse University, said Friday. Tens of millions of people have come to rely on social media to express their innermost thoughts and to keep up with world news and celebrity gossip. Twitter "is one of those little amusements that infiltrated the mass behavior in some significant ways, so that when it went away, a lot of people really noticed it and missed it."
(Source: AP)
Full story
AP
A Latvian ISP linked to online criminal activity has been cut off from the Internet, following complaints from Internet security researchers. Real Host, based in Riga, Latvia, was thought to control command-and-control servers for infected botnet PCs, and had been linked to phishing sites and Web sites that launched attack code at visitors; it was also home to malicious "rogue" antivirus products.
"This is maybe one of the top European centers of crap," he said in an e-mail interview. Real Host was considered a "bullet proof" hosting provider, that would allow customers to remain online even after they had been linked to malicious activity.
(Source: PCWorld)
Full story
PCWorld

Monday, August 10, 2009
A group of teenagers have reacted to warnings that using sites like Facebook, Bebo and Myspace can leave them traumatised. The Archbishop of Westminster, the Most Reverend Vincent Nichols, says the sites encourage users to value the number rather than quality of friends they have.
He's worried this makes people get too many temporary friends instead of real, genuine ones. He said: "It's an all or nothing syndrome that you have to have in an attempt to shore up identity. Friendship is not a commodity, friendship is something that is hard work and enduring when it's right."
(Source: BBC)
Full story
BBC
The distributed denial-of-service (DDOS) attacks that knocked out Twitter for hours and affected other sites like Facebook, Google's Blogger, and LiveJournal on Thursday continued all day Friday and may persist throughout the weekend. In its latest update, posted to a discussion forum of its third-party developers at 11 p.m. U.S. Eastern Time on Friday, Twitter reports it's still fighting the attacks.
"The DDoS attack is still ongoing, and the intensity has not decreased at all," wrote Chad Etzel, from Twitter's application development platform support team.
(Source: PCWorld)
Full story
PCWorld

Friday, August 07, 2009
One of Israel's main political parties has shut down its website following an attack by Palestinian hackers, according to reports. Attackers on the official Kadima website posted images of wounded Palestinians and the aftermath of suicide bombings in Israel.
Slogans in both Hebrew and Arabic were also placed on the site, including threats to party leader Tzipi Livni. Kadima, a centrist political party that favours a two-state solution to the Middle East conflict, is the largest party in the Israeli parliament.
(Source: BBC)
Full story
BBC
Micro-blogging service Twitter and social networking site Facebook have been severely disrupted by hackers. Twitter was taken offline for more than two hours whilst Facebook's service was "degraded", according to the firms.
The popular sites were subject to so-called denial-of-service attacks on Thursday, the companies believe. Denial-of-service (DOS) attacks take various forms but often involve a company's servers being flooded with data in an effort to disable them.
(Source: BBC)
Full story
BBC
A suspected pedophile surrendered to police after German law enforcement published clips from videos of child pornography allegedly showing the man. The German Federal Criminal Investigations Office also posted several photos and audio samples of the man's voice as they reached out to the public for clues leading to his arrest.
Police said they found about 42 videos in which the suspected pedophile abused children, believed to be between the ages of 5 and 7 at the time. The Investigator's Office said the man used violence against the children in some of the clips. The German Federal Criminal Investigations Office has been using technology to combat child pornography for several years.
(Source: CNN)
Full story
CNN

Thursday, August 06, 2009
The US Marine Corps on Tuesday renewed a ban on Twitter and other social networking sites as the Pentagon weighed a similar prohibition over cybersecurity concerns. The Marines had already banned the use of social media on military networks but issued a more detailed order this week defining which sites were out of bounds and noting possible exceptions to the rule, Marine Corps spokesman Lieutenant Craig Thomas told AFP.
"These Internet sites in general are a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries," the Marine Corps said in an order posted on its website.
(Source: AFP)
Full story
AFP
In hindsight, it seems so obvious. We look back at the creepy online ramblings of a tortured soul like George Sodini and realize we should have known all along of the horrors to come. That is, if anyone actually read Sodini's Web page before he sprayed bullets into a suburban Pittsburgh fitness class, killing three women and then himself.
Certainly, anyone happening upon Sodini's tortured online thoughts before his rampage Tuesday would have had ample cause for alarm. His date of death is listed right at the top, under his name and birthdate: "DOD 8/4/2009." Later, a description of his first attempt at what he calls "this project," in January. "It is 8:45 p.m.: I chickened out! I brought the loaded guns, everything. Hell!" And then, on Monday: "Tomorrow is the big day."
(Source: AP)
Full story
AP

Wednesday, August 05, 2009
Police are searching for a missing schoolgirl, believed to have run away with a man she met on the internet site Bebo. Clare Haver, 14, of Bourne, Lincolnshire, has been missing since July 25 and is thought to be with 23-year-old Michael Ellis. Police revealed today that Ellis has mental health issues and appealed for Haver to return to her family.
She met jobless Ellis, of Lincoln, on the social networking site Bebo seven months ago. The week before last he joined her while she was on a camping trip with a friend in Skegness.
(Source: Times)
Full story
Times
Parents have been warned of a new teenage trend of "sexting", in which children exchange explicit photos of themselves by text. More than a third of secondary school children have been sent messages containing sexual content, a survey showed.
Researchers found youngsters were regularly being sent sex texts or "sexts" - often by their school friends. The messages contain images of sex acts involving young people but more generally of boys and girls exposing themselves. Material is sent to mobile phones via texts, transferred using Bluetooth or uploaded to social networking groups. Girls are bullied into taking, and sharing, explicit pictures of themselves, the charity warned.
(Source: Telegraph)
Full story
Telegraph

Tuesday, August 04, 2009
A teenager was allegedly beaten to death by trainers at a rehabilitation camp in southern China where his parents had sent him to cure his Internet addiction, reports said Tuesday.
The three supervisors who allegedly beat Deng Senshan, 16, were arrested after the boy's death early Sunday, his father Deng Fei told the Global Times. "We are investigating a case where a high school student was beaten to death by his camp supervisors. The case is still under investigation," a police officer in Nanning, Guangxi region, was quoted as saying.
More than 10 million of the country's 100 million teenage web surfers are Internet addicts, the China Daily said, citing a survey by the China Youth Internet Association last year.
(Source: The Economic Times)
Full story
The Economic Times
High-tech Japan is gearing up for elections, but you won't hear a tweet from Prime Minister Taro Aso or his main rivals. When election campaigning officially begins on August 18, a cyberspace ban will make it illegal for politicians to update their Internet blogs, share their political views by email or put new videos online.
It is an odd situation in one of the world's most wired countries, where more than 60 percent of the population regularly uses the Internet. Japanese politicians "are missing a real chance to try to generate interest among young voters by not allowing cyber campaigning," said Professor Jeff Kingston, director of Asian Studies at Temple University in Tokyo.
(Source: AFP)
Full story
AFP

Monday, August 03, 2009
Chinese hackers crashed the website of Australia's biggest film festival, organisers said on Saturday, escalating tensions over a visit here by the exiled leader of the Uighur minority. Online bookings for the Melbourne International Film Festival had to be shut down after the site was bombarded with phony purchases which resulted in the entire program being sold out, said festival spokeswoman Asha Holmes.
A Chinese citizen living in the United States had alerted organisers to the viral campaign, which originated from a website in China titled "A Call to Action to All Chinese People", said Holmes.
(Source: AFP)
Full story
AFP
A powerful new type of Internet attack works like a telephone tap, except that it operates between computers and the Web sites they trust.
Hackers at the Black Hat and DefCon security conferences have revealed a serious flaw in the way Web browsers weed out untrustworthy sites and block anybody from seeing them. If a criminal infiltrates a network, he can set up a secret eavesdropping post and capture credit card numbers, passwords and other sensitive data flowing between computers on that network and sites their browsers have deemed safe.
(Source: AP)
Full story
AP

Thursday, July 30, 2009
Facebook, MySpace and other social networking sites are increasingly being targeted by cyber-criminals drawn to the wealth of personal information supplied by users, experts warn. Data posted on the sites -- name, date of birth, address, job details, email and phone numbers -- is a windfall for hackers, participants at Campus Party, one of the world's biggest gatherings of Internet enthusiasts, said.
A vicious virus, Koobface -- "koob" being "book" in reverse -- has affected thousands of Facebook and Twitter users since August 2008, said Asier Martinez, a security specialist at global IT solutions provider Panda Security.
(Source: AFP)
Full story
AFP
Microsoft released a security patch on Tuesday aimed at preventing hackers from exploiting a vulnerability in its Web browser, Internet Explorer.
The US software giant said that the security update would be automatically installed for Internet Explorer users who have automatic updating enabled on their computers but would need to be installed manually by other users. "These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer," Microsoft said.
(Source: AFP)
Full story
AFP

Wednesday, July 29, 2009
The U.S. Department of Health and Human Services (HHS) is about to rule whether health care entities will need to notify patients if their de-identified data -- patient data that has been stripped of all potential for identifying individuals, which is often used for research and development -- is breached. As it stands now, de-identified data is not subject to the new breach-notification rules imposed by the HITECH privacy provisions of the 2009 American Recovery and Reinvestment Act (ARRA) stimulus package. The debate pits privacy activists on the one side -- who often support notification -- against health care organizations on the other, which say the quality of health care hangs in the balance.
(Source: ComputerWorld)
Full story
ComputerWorld
China has banned Web sites from advertising or linking to games that glamorize violence, another step in China's censorship campaign aimed at ensuring social stability ahead of the 60th anniversary of communist rule on Oct. 1.
A notice posted on the Culture Ministry Web site on Monday said games that promote drug use, obscenities, gambling, or crimes such as rape, vandalism and theft are "against public morality and the nation's fine cultural traditions." "Such online games promote the glorification of mafia life ... and are a serious threat to the moral standards of society causing vulnerable young people to be adversely affected," the notice said. The ban on the Web sites starts immediately.
(Source: AP)
Full story
AP

Tuesday, July 28, 2009
Amid concerns that the U.S. has a shortage of cybersecurity professionals, a new consortium of U.S. government and private organizations aims to identify students with strong computer skills and train them as cybersecurity guardians, warriors and "top guns."
The U.S. Cyber Challenge initiative will bring together three cybersecurity competitions for high school or college students and launch new in-person competitions, said Alan Paller, research director at the SANS Institute, a cybersecurity training organization. The organizers of the U.S. Cyber Challenge also plan to offer scholarships to promising students and hook them up with internships and jobs, Paller said.
(Source: ComputerWorld)
Full story
ComputerWorld
An undersea cable plugging east Africa into high speed Internet access went live Thursday, providing an alternative to expensive satellite connections.
SEACOM, the cable provider company, opened its 17,000 kilometer submarine cable, capable of 1.28 terabytes per second, allowing the region true connectivity. Most Africans rely on expensive and slow satellite connections, which make the use of applications such as YouTube and Facebook extremely trying. "This is going to reduce the cost of doing business in Africa, within Africa and with international parties" said Suveer Ramdhani, SEACOM spokesman in South Africa.
(Source: CNN)
Full story
CNN

Monday, July 27, 2009
Russia's most powerful business lobby moved to clamp down on Skype and its peers this week, telling lawmakers that the Internet phone services are a threat to Russian businesses and to national security.
In partnership with Prime Minister Vladimir Putin's political party, the lobby created a working group to draft legal safeguards against what they said were the risks of Skype and other Voice over Internet Protocol (VoIP) telephone services.
(Source: Reuters)
Full story
Reuters
The number of Internet users in China is now greater than the entire population of the United States, after rising to 338 million by the end of June, state media reported Sunday.
China's online population, the largest in the world, rose by 40 million in the first six months of 2009, the official Xinhua news agency reported, citing a report by the China Internet Network Information Center. The number of broadband Internet connections rose by 10 million to 93.5 million in the first half of the year, the report said.
(Source: AFP)
Full story
AFP

Friday, July 24, 2009
The news report begins with shots of a tense space shuttle launch. Engineers hunch over computer banks and techno music pounds in the background. There is a countdown, a lift-off, and then you see a young man in a black T-shirt and sunglasses, apparently reporting from space.
This is the Hacker News Network, and after a decade offline it is lifting off again, this time with a quirky brand of video reports about security. They're the guys who famously told the U.S. Congress that they could take down the Internet in about 30 minutes, and who helped invent the way that security bugs are reported to computer companies.
(Source: ComputerWorld)
Full story
ComputerWorld
The first undersea cable to bring high-speed internet access to East Africa has gone live. The fibre-optic cable, operated by African-owned firm Seacom, connects South Africa, Tanzania, Kenya, Uganda and Mozambique to Europe and Asia.
Five institutions are already benefiting from the faster speeds - national electricity company Tanesco, communications company TTCL, Tanzania Railways and the Universities of Dar es Salaam and Dodoma.
(Source: BBC)
Full story
BBC

Thursday, July 23, 2009
Federal agencies are facing a severe shortage of computer specialists, even as a growing wave of coordinated cyberattacks against the government poses potential national security risks, a private study found.
The study describes a fragmented federal cyber force, where no one is in charge of overall planning and government agencies are "on their own and sometimes working at cross purposes or in competition with one another." The report, scheduled to be released Wednesday, arrives in the wake of a series of cyberattacks this month that shut down some U.S. and South Korean government and financial Web sites.
(Source: AP)
Full story
AP
Hackers will soon gain a powerful new tool for breaking into Oracle Corp's (ORCL.O) database, the top-selling business software used by companies to store electronic information.
Security experts have developed an easy-to-use, automated software tool that can remotely break into Oracle databases over the Internet to simulate attacks on computer systems, but cybercrooks can use it for hacking. The tool's authors created it through a controversial open-source software project known as Metasploit, which releases its free software over the Web.
(Source: Reuters)
Full story
Reuters

Wednesday, July 22, 2009
Being the chief executive has its privileges. And one of them may be a blissful ignorance of your company's data breach risks.
According to a study to be released Tuesday by the privacy-focused Ponemon Institute, companies' chief executives tend to value cybersecurity just as--if not more--highly than their executive colleagues. But compared to lower-level execs, CEOs also tend to underestimate the frequency of cyberthreats their organization faces.
(Source: Forbes)
Full story
Forbes
The popularity of Facebook and other popular social networking sites has given hackers new ways to steal both money and information, the security company Sophos said in a report released on Wednesday.
About half of all companies block some or all access to social networks because of concerns about cyber incursions via the sites, according to the study. "Research findings also revealed that 63 percent of system administrators worry that employees share too much personal information via their social networking sites, putting their corporate infrastructure -- and the sensitive data stored on it -- at risk," the Sophos report said.
(Source: Reuters)
Full story
Reuters

Tuesday, July 21, 2009
Lawmakers in France's lower house of parliament are to start debate Tuesday on a new version of a bill aimed at cracking down on online piracy by cutting the Internet connections of those who illegally download movies and music.
An earlier version of the bill was found to be unconstitutional. Legislators in the National Assembly are to debate the amended bill through Friday, but decided not to take a vote on it until they return from summer recess in September.
(Source: AP)
Full story
AP
"Internet Addiction Disorder." According to Wikipedia, "IAD was originally proposed as a disorder in a satirical hoax by Ivan Goldberg, M.D., in 1995. He took pathological gambling as diagnosed by the Diagnostic and Statistical Manual of Mental Disorders (DSM-IV) as his model for the description of IAD. However, IAD receives coverage in the press, and its classification as a psychological disorder is being debated and researched."
In China, it is considered to be an epidemic. Last year China estimated that of the country's 40 million underage Internet users, some 10% were "addicted" to the Web. Surveys discovered that about 42% of these kids said they felt "addicted" while only 18% of US children felt similarly.
(Source: ComputerWorld)
Full story
ComputerWorld

Monday, July 20, 2009
The popular social networking site Facebook is not doing enough to protect the personal information it gets from subscribers, and it gives users confusing and incomplete information about privacy matters, Canada's privacy commissioner said on Thursday.
"It's clear that privacy issues are top of mind for Facebook, and yet we found serious privacy gaps in the way the site operates," Privacy Commissioner Jennifer Stoddart said in a report on an investigation into Facebook.
(Source: Reuters)
Full story
Reuters
Seth Owusu knew at a young age that he wanted to help his countrymen. "I came from Ghana," Owusu recalls. "It all started when I was in primary school and we had some missionaries come to the school."
Just after he graduated from a technical college, Owusu established Entire Village Computer Organization, a small nonprofit organization that donates refurbished used computers to schools. EVCO goes much further than simply dropping off the computers in villages.
(Source: CNN)
Full story
CNN

Friday, July 17, 2009
Facebook founder Mark Zuckerberg announced the number of people using the online social networking service has climbed to 250 million.
Palo Alto, California-based Facebook was founded in 2004 and has become the most popular online social networking service, eclipsing News Corporation-owned MySpace.
"The rapid pace of our growth is humbling and exciting for us," Zuckerberg said in a message posted at Facebook's official blog. "For us, growing to 250 million users isn't just an impressive number; it is a mark of how many personal connections all of you have made."
(Source: AFP)
Full story
AFP
The U.K. was the likely source of a series of attacks last week that took down popular Web sites in the U.S. and South Korea, according to an analysis performed by a Vietnamese computer security analyst. The address is registered to Global Digital Broadcast in the U.K. "Having located the attacking source in U.K., we believed that it is completely possible to find out the hacker," Nguyen wrote.
The results contradict assertions made by some in the U.S. and South Korean governments that North Korea was behind the attack. Security analysts had been skeptical of the claims, which were reportedly made in off-the-record briefings and for which proof was never delivered.
(Source: ComputerWorld)
Full story
ComputerWorld
The microblogging service Twitter is taking legal advice after hundreds of documents were hacked into and published by a number of blogs.
"We are in touch with our legal counsel about what this theft means for Twitter, the hacker and anyone who accepts...or publishes these stolen documents," said Twitter's Biz Stone. In a blog posting he wrote that "About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked."
(Source: BBC)
Full story
BBC

Thursday, July 16, 2009
As such, Facebook is quickly becoming a hotbed of activity for all kinds of malware and financial scams. With 200 million registered users, Facebook represents an ocean of fish which are all accessible in one convenient place. It helps that many Facebook users are relatively unsophisticated about the web and especially the complex security issues surrounding it, and are thus more susceptible to attacks delivered via the social network.
Facebook says it's doing its part to fight the problem, but it can't monitor every bit that passes through its servers. Less than 1 percent of its users have been victimized over the last five years, it says. That sounds good, until you realize that could be up to 2 million people, hardly a drop in the bucket.
(Source: Yahoo)
Full story
Yahoo
A British hacker who has been fighting extradition to the United States for seven years today made an eleventh-hour appeal to a British court to be tried in the U.K. instead of in a U.S. federal court.
Gary McKinnon, 43, has admitted that in 2001 he broke into U.S. Department of Defense, NASA and U.S. Army computer systems. However, McKinnon has been using a series of legal maneuvers and appeals to fight extradition to the U.S. since he was indicted in November 2002 in the U.S. District Court for the Eastern District of Virginia on charges related to the computer hacks.
(Source: ComputerWorld)
Full story
ComputerWorld

Wednesday, July 15, 2009
Microsoft Corp warned that cybercriminals have attacked users of its Office software for Windows PCs, exploiting a programming flaw that the software giant has yet to repair. The world's largest software maker issued the warning on Tuesday as it released patches to address nine other security holes in its software.
Cybercriminals target Microsoft programs because they are so widely used, allowing them to go after the largest number of potential victims with one set of code. (Windows runs more than 90 percent of the world's PCs. Office has some 500 million users).
(Source: Reuters)
Full story
Reuters
The number of botnets and of computers controlled by them in China has fallen in recent years, though the country remains a top host for the networks of compromised computers, according to the government and independent researchers.
Over 1.2 million computers in China were newly infected with software that enabled their control by a botnet last year, about one-third the figure for the previous year, according to a report published late last month by China's National Computer Network Emergency Response Technical Team (CNCERT). That followed an equally steep fall from 2006, when the team estimated there were 10 million new infections in China.
(Source: ComputerWorld)
Full story
ComputerWorld

Tuesday, July 14, 2009
Cyber criminals are aping executives when it comes to sales, marketing and risk management in the world of online treachery, according to a report released by networking giant Cisco.
"A lot of techniques they are using today are not new; it is really about how they may be doing some of the same old things," said Cisco chief security researcher Patrick Peterson.
Criminals have taken to sending blanket text messages to numbers based on area codes of local banks directing people to call into a service center to address supposed concerns about their accounts.
(Source: AFP)
Full story
AFP
The police are to examine claims that a huge mobile phone hacking operation was launched by the News of the World, targeting thousands of people. The Guardian says the Sunday paper's reporters paid private investigators to hack into phones, many of them owned by politicians and celebrities. It is alleged details were suppressed by the police and the High Court.
Prime Minister Gordon Brown said: "This raises questions that are serious and will obviously have to be answered." Metropolitan Police Commissioner Sir Paul Stephenson has ordered a senior officer to "establish the facts".
(Source: BBC)
Full story
BBC

Monday, July 13, 2009
The defendant in the case of a MySpace hoax that ended in a girl's suicide applauded a federal judge for tentatively dismissing her conviction that could have resulted in up to three years in prison.
Prosecutors had argued that Drew and an accomplice, who was granted immunity, pretended to be a teenage boy named Josh, and used that identity to at first flirt with 13-year-old Megan Meier, an emotionally troubled classmate of Drew's daughter, before turning on her.
(Source: People)
Full story
People
South Korean police said they have arrested a hacker for staging cyber attacks similar to those that crippled domestic and US websites this week.
The 39-year-old identified only as Choi is accused of paralysing the homepage of the government Game Rating Board by using a distributed denial-of-service (DDoS) method.
Choi was an agent for software developers seeking approval from the board for new games. Because he failed to finish one job on time, he crashed the site to create an excuse for his tardiness. Choi is accused of buying a hacking programme from an ethnic Korean in China.
(Source: AFP)
Full story
AFP

Friday, July 10, 2009
Computer security experts were divided Thursday on whether North Korea was behind the ongoing attacks on US and South Korean websites, an assault that highlighted the vulnerabilities of the Web.
The so-called distributed denial of service (DDoS) attack used an army of malware-infected computers known as a "botnet" in a bid to paralyze US and South Korean websites by overwhelming them with traffic.
Around a dozen websites in the United States, including those of the White House, State Department and Pentagon, and another dozen in South Korea were among those targeted in the attack which began on Sunday.
(Source: AFP)
Full story
AFP
New York's attorney general charged Thursday that Tagged.com stole the identities of more than 60 million Internet users worldwide — by sending e-mails that raided their private accounts. Andrew Cuomo said he plans to sue the social networking Web site for deceptive marketing and invasion of privacy.
"This company stole the address books and identities of millions of people," Cuomo said in a statement. "Consumers had their privacy invaded and were forced into the embarrassing position of having to apologize to all their e-mail contacts for Tagged's unethical — and illegal — behavior."
(Source: AP)
Full story
AP

Thursday, July 09, 2009
A denial of service attack that took down some of South Korea's highest profile Web sites on Wednesday is set to resume Thursday evening, according to computer security specialist AhnLab. The attack will restart at 6pm local time (9am GMT) and be directed at a smaller number of sites than those hit a day earlier. They will include government Web sites and the home pages of the Chosun Ilbo newspaper and Kookmin Bank.
A denial of service attack involves sending a massive volume of traffic to a Web site so that it becomes overloaded. While some users will occasionally be able to access the site being attacked most will see nothing until a network time-out message appears.
(Source: ComputerWorld)
Full story
ComputerWorld
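The two items above describe a flood attack only in outline: a botnet sends so many requests that legitimate users see nothing but time-outs. The following is an added example, not code from the article, AhnLab or ComputerWorld, showing what the defender's side of that looks like: it parses web-server access-log lines in the common "combined" format and flags both a single source that exceeds a per-address request rate and windows in which the aggregate rate jumps even though every individual bot stays under the per-address threshold. The log lines, the addresses (taken from documentation ranges) and the thresholds are all constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Matches the common/combined access-log prefix: client, ident, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, epoch_seconds) for a log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT).timestamp()


def requests_per_window(lines, window):
    """Bucket requests into fixed windows of `window` seconds: {ip: Counter({window_index: hits})}."""
    hits = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the sweep
        ip, ts = parsed
        hits[ip][int(ts // window)] += 1
    return hits


def find_flooders(lines, window=10, threshold=100):
    """Addresses that exceed `threshold` requests in any single window (peak count per address)."""
    hits = requests_per_window(lines, window)
    return {ip: max(c.values()) for ip, c in hits.items() if max(c.values()) > threshold}


def busiest_windows(lines, window=10, baseline=20):
    """Windows whose total request count exceeds `baseline`, regardless of source.

    A distributed attack spreads the load over many bots, each of which may stay
    under the per-address threshold, so the aggregate check is what catches it."""
    totals = Counter()
    for counts in requests_per_window(lines, window).values():
        totals.update(counts)
    return {w: n for w, n in totals.items() if n > baseline}


def make_sample():
    """Constructed log lines (assumed format and addresses; not a real capture)."""
    base = '{ip} - - [08/Jul/2009:18:00:{sec:02d} +0900] "GET / HTTP/1.1" 200 5120'
    # One ordinary visitor: five requests spread over a minute.
    lines = [base.format(ip="10.0.0.7", sec=s) for s in (0, 12, 25, 40, 55)]
    # One noisy source: 300 requests inside the first ten seconds.
    lines += [base.format(ip="198.51.100.23", sec=s % 10) for s in range(300)]
    # Fifty bots sending four requests each during seconds 30-39: 200 requests,
    # but no single address comes anywhere near the per-address threshold.
    lines += [base.format(ip=f"203.0.113.{i}", sec=30 + (i % 10)) for i in range(50) for _ in range(4)]
    return lines


if __name__ == "__main__":
    sample = make_sample()
    print("per-address flooders:", find_flooders(sample))
    print("overloaded windows  :", busiest_windows(sample))
```

The per-address check alone would report only the single noisy source; the botnet shows up solely in the aggregate view, which is why real-world mitigation keys on a traffic baseline rather than on individual clients.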
A botnet of about 50,000 infected computers has been waging a war against U.S. government Web sites and causing headaches for businesses in the U.S. and South Korea.
The attack started Saturday, and security experts have credited it with knocking the U.S. Federal Trade Commission's (FTC's) Web site offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the U.S. Department of Transportation (DOT).
(Source: ComputerWorld)
Full story
ComputerWorld
A Long Island, New York, social worker is facing two misdemeanor charges after allegedly posting a sexually suggestive ad on Craigslist that gave interested parties the home phone number of a 9-year-old girl.
Officials told CNN affiliate News 12 in Long Island that the Craigslist ad read "I need a little affection... I'm blond, I'm cute and I'll be waiting." Interested parties were directed to an e-mail address where they were given the girl's name and home phone number. Callers were unaware they were trying to reach a 9-year-old.
(Source: CNN)
Full story
CNN

Wednesday, July 08, 2009
A series of cyber-attacks that targeted and paralyzed government networks and leading portal servers Tuesday and Wednesday are raising concerns that the world's self-proclaimed Internet powerhouse is prone to hacking and other cyber security threats.
The prosecution and police launched an investigation Wednesday to track the origin of hackers who hijacked a dozen local Internet sites, including those run by Cheong Wa Dae, the National Assembly, the Ministry of National Defense and top Web portal Naver, from Tuesday evening to Wednesday morning.
(Source: The Korea Times)
Full story
The Korea Times
A U.S. district court has ordered key players in an international spam ring to give up $3.7 million that they made by sending out illegal e-mail messages pitching bogus hoodia weight-loss products and a “human growth hormone” pill they claimed reversed the aging process.
In a Federal Trade Commission law enforcement action, the court found that the five defendants, located in Canada and St. Kitts, violated the FTC Act and the CAN-SPAM Act by participating in the spam operation. The court order bars the defendants from violating the CAN-SPAM Act and from making false or unsubstantiated claims about the health benefits of any food, drug, or dietary supplement.
(Source: Federal Trade Commission)
Full story
Federal Trade Commission

Friday, July 03, 2009
The Obama administration is moving cautiously on a new pilot program that would both detect and stop cyber attacks against government computers, while trying to ensure citizen privacy protections.
Any involvement of the NSA - the agency oversees electronic intelligence-gathering - in protecting domestic computer networks worries privacy and civil liberties groups who oppose giving such control to U.S. spy agencies.
(Source: AP)
Full story
AP
One of Britain's biggest online paedophile inquiries is to be challenged in the court of appeal amid allegations from campaigners that hundreds of men have been wrongly convicted in a mass miscarriage of justice.
Senior officers in Ceop, the child exploitation and online protection unit, who co-ordinated the inquiry, have been anticipating the test case for some time. They are adamant that Ore was an extremely successful operation, which led to more than 2,600 British men who downloaded images of child abuse, or attempted to, being brought to justice. The vast majority of them pleaded guilty.
(Source: Guardian)
Full story
Guardian

Thursday, July 02, 2009
Lori Drew, 50, pretended to be a boy on the MySpace website to befriend Megan Meier, who hanged herself after the virtual friendship ended. Sentencing will take place this week in the first federal cyber bullying case in the US which was brought to trial after a teenage girl took her own life.
The US National Crime Prevention Council in a report last year found that 43% of teens are exposed to cyber bullying in one form or another yet only one in 10 kids told their parents. "Cyber bullying can have such a devastating effect on our young people from depression to falling grades and low self esteem. This case shows however that cyber bullying is not something that just young people commit but we as adults can also be at fault," said the council's Michelle Boykin.
(Source: BBC)
Full story
BBC
The head of the U.S. Secret Service on Tuesday signed a memorandum of understanding with the head of the Italian police and the chief executive officer of the Italian Postal Service to set up an international task force to combat cyber crime.
"This is not a borderless crime and we believe there needs to be a reaction at an international level. We'll provide all our resources to make that happen," Mark Sullivan, the director of the U.S. Secret Service, said after signing the accord at a ceremony at the Italian interior ministry.
(Source: CIO)
Full story
CIO

Wednesday, July 01, 2009
China has announced that it will indefinitely postpone a mandate requiring all personal computers sold in the country to be accompanied by a controversial content-filtering application, state media reported.
A June 24 letter from the U.S. Department of Commerce to the Chinese government listed "numerous concerns raised by global technology companies, Chinese citizens, and the worldwide media about the stability of the software, the scope and extent of the filtering activities and its security weaknesses."
Despite such communication, there has been no indication so far from the Chinese government that the rule will be revoked, only delayed.
(Source: CNN)
Full story
CNN
A blind Boston-area teenager was sentenced to more than 11 years in prison Friday for hacking into the telephone network and harassing the Verizon investigator who was building a case against him.
Matthew Weigman, 19, was part of a group of telephone hackers that met up on telephone party lines and was associated with more than 60 "swatting" calls to 911 numbers across the country. Weigman, known as "Little Hacker," became involved in telephone hacking around age 14 and continued to operate until last year.
(Source: PCWorld)
Full story
PCWorld

Tuesday, June 30, 2009
Within hours of the death of pop star Michael Jackson, spam trading on his demise hit in-boxes, a security firm said as it warned that more junk mail was in the offing. Just eight hours after news broke about Jackson, Abingdon, England-based Sophos PLC started tracking the first wave of Jackson spam, which used a subject line of "Confidential -- Michael Jackson."
The spam wasn't pitching a product or leading users to a phishing or malware Web site. Instead it was trying to dupe users into replying to the message in order to collect e-mail addresses and verify them as legitimate.
(Source: ComputerWorld)
Full story
ComputerWorld

Monday, June 29, 2009
Police in western Switzerland have broken a paedophile online network operating in nearly 80 different countries, the official Swissinfo.ch news website reported Sunday.
At least 32 people across Switzerland are now under investigation due to suspected connections with the case, the website quoted police in the canton of Vaud as saying.
A police official said cybercrime experts in Lausanne were alerted by Interpol more than a year ago that pornographic details were hidden on a website for hip-hop music run by a webmaster in western Switzerland.
(Source: Mathaba)
Full story
Mathaba

Friday, June 26, 2009
Britain warned on Thursday of a growing risk to military and business secrets from computer spies and pledged to toughen cyber security to protect the 50 billion pounds ($82 billion) spent a year online in its economy.
Launching Britain's first national cyber security strategy, security minister Alan West said hostile states and criminals were increasingly attacking British interests online and al Qaeda and like-minded groups were seeking the ability to do so.
"We know that various state actors are very interested in cyber warfare," West, a junior minister at the Home Office (Interior Ministry), told reporters. "The terrorist aspect of this is the least (concern), but it is developing."
(Source: Reuters)
Full story
Reuters
China on Thursday stepped up accusations that Google is spreading obscene content over the Internet, a day after U.S. officials urged Beijing to abandon plans for controversial filtering software on new computers.
The growing friction over control of online content threatens to become another irritant in ties at a time the world is looking for the United States and China to cooperate in helping to pull the global economy out of its slump.
China's Foreign Ministry on Thursday accused Google's English language search engine of spreading obscene images that violated the nation's laws, less than 24 hours after disruptions to the company's search engines and other services within China.
(Source: Reuters)
Full story
Reuters

Thursday, June 25, 2009
Recently scammers have become more aggressive on the site. They will set up new accounts and post spam messages on hot topics in hopes of gaining clicks when people search through Twitter.
And while hacked Twitter accounts are still rare, they're a much more effective way to reach victims, according to Rik Ferguson, a researcher with Trend Micro. "If you can take over an account that has a couple of thousand followers then you can get a much better return on your investment."
(Source: ComputerWorld)
Full story
ComputerWorld

Wednesday, June 24, 2009
China will limit the number of messages that a mobile number can send per day to battle rampant spam messages clogging cell phones, state media said on Friday.
Spam messages, largely consisting of real estate offers, ads for English lessons, fake tax receipts and other frauds have grown very quickly in China in recent years. It is not unusual to receive dozens of messages a day, including the odd gun ad.
One mobile number cannot send more than 200 messages per hour or 1,000 per day on weekdays, according to the agreement. On holidays, 500 messages per hour and 2,000 per day may originate from one number.
(Source: Reuters)
Full story
Reuters
The US military announced a new "cyber command" designed to wage digital warfare and to bolster defenses against mounting threats to its computer networks. The move reflects a shift in military strategy with "cyber dominance" now part of US war doctrine and comes amid growing alarm over the perceived threat posed by digital espionage coming from China, Russia and elsewhere.
President Barack Obama has put a top priority on cyber security and announced plans for a national cyber defense coordinator. A recent White House policy review said that "cybersecurity risks pose some of the most serious economic and national security challenges of the 21st century." Obama has promised privacy rights would be carefully safeguarded even as the government moves to step up efforts to protect sensitive civilian and military networks.
(Source: AFP)
Full story
AFP

Monday, June 22, 2009
A woman who won a retrial after a $220,000 verdict against her for sharing music files has now been ordered to pay $1.92 million by a jury in Minnesota.
In 2007, when she lost the original suit, Jammie Thomas-Rasset was one of the first people to receive a guilty verdict in a case backed by the Recording Industry Association of America, which has filed more than 20,000 lawsuits against people in a bid to stop online music trading and copyright infringement.
On Thursday, a jury ordered her to pay $80,000 for each of the 24 songs she is accused of illegally trading over the Kazaa Internet service. The jury could have ordered her to pay between $750 and $150,000 per song. In a statement, the RIAA said it was pleased that the jury found the defendant liable and that it continues to be willing to settle the case.
(Source: ComputerWorld)
Full story
ComputerWorld
The United Nations has appealed to parents, the Internet industry and policy-makers to join hands to eradicate hate speech from cyberspace.
Addressing a day-long seminar titled "Unlearning Intolerance" on the danger of "cyberhate," UN chief Ban Ki-moon lauded the benefits of the Internet but regretted that "there are those who use information technology to reinforce stereotypes, to spread misinformation and propagate hate." "Some of the newest technologies are being used to peddle some of the oldest fears," he warned, decrying what he called "digital demonization... targeting innocents because of their faith, their race, their ethnicity, their sexual orientation."
(Source: UN)
Full story
United Nations

Thursday, June 18, 2009
Social networks like Facebook and Twitter are exploding in popularity, bringing people from all walks of life together online. At the same time, though, overall Internet use is keeping family members apart.
Forty-three percent of all online users are involved with a social networking site, and that's up from just 27% a year ago, according to a report released today by The Conference Board, a non-profit research association. The report also notes that more than half of those who use social networks log on at least once a day, and the majority log on several times a day.
(Source: ComputerWorld)
Full story
ComputerWorld

Wednesday, June 17, 2009
An alleged spammer could face jail time in connection with a Facebook lawsuit after a judge referred him to the U.S. Attorney General's Office for criminal proceedings.
Judge Jeremy Fogel of the U.S. District Court for the Northern District of California referred Sanford Wallace (who has been dubbed a "spam king" for his long and aggressive history in e-mail marketing) to the U.S. Attorney General's Office for criminal proceedings for allegedly violating an injunction that prohibited him from accessing Facebook.
Facebook filed a lawsuit against Wallace and two other men in February for spamming and phishing schemes through the social-networking site. The following week, Judge Fogel issued a temporary restraining order barring Wallace and two other alleged spammers, Adam Arzoomanian and Scott Shaw, from accessing Facebook's network.
(Source: PCWorld)
Full story
PCWorld

Tuesday, June 16, 2009
A federal grand jury in New Jersey today indicted three people, and five people were arrested in Italy, all in connection with hacking into the IT systems of thousands of companies around the world to gain free access to telephone services, according to the U.S. Attorney's Office in Newark, N.J.
A multinational team of investigators worked jointly to round up the alleged hackers and their financial backers in the scheme to gain access into the systems of many companies -- 2,500 in the U.S. alone -- to steal access codes that the victim companies used to route phone calls through telecom systems, the office said.
The value of all the stolen services was unclear, though the U.S. Attorney's Office said the thieves routed more than $55 million worth of telephone calls over telecommunications networks in the U.S. "This was an extensive and well-organized criminal network that worked across continents," said New Jersey's acting U.S. attorney, Ralph J. Marra Jr., in a statement.
(Source: ComputerWorld)
Full story
ComputerWorld

Monday, June 15, 2009
Every time you swipe your credit card and wait for the transaction to be approved, sensitive data including your name and account number are ferried from store to bank through computer networks, each step a potential opening for hackers.
And while you may take steps to protect yourself against identity theft, an Associated Press investigation has found the banks and other companies that handle your information are not being nearly as cautious as they could. The government leaves it to card companies to design security rules that protect the nation's 50 billion annual transactions.
(Source: AP)
Full story
AP
While most viruses target PC users, there has been a rise in the number of attacks on Mac systems. Graham Cluley, a security expert with anti-virus firm Sophos, told the BBC that the small number of Mac viruses had made some users complacent.
Security experts have discovered two novel forms of Mac OS X malware. OSX/Tored-A - an updated version of the Mac OS Tored worm - and a Trojan called OSX/Jahlav-C were both found on popular pornographic websites. Users logging on to these sites are asked to download a "missing Video ActiveX Object" but are sent a virus payload instead.
(Source: BBC)
Full story
BBC

Thursday, June 11, 2009
The continuing fallout from a hacking incident at U.K.-based Web hosting company VAserv should serve as a powerful reminder that companies need proper data backup and disaster recovery procedures.
The incident, which could result in a fire sale of VAserv to another hosting provider, is also an especially stark example of the kind of havoc that a malicious attacker can wreak on businesses.
Late Sunday, an unknown hacker or hackers attacked VAserv's virtual server infrastructure and deleted about 100,000 sites, or about half of those being hosted by the company, according to The Register.
(Source: ComputerWorld)
Full story
ComputerWorld
In Beijing, a lawyer has demanded a public hearing to reconsider a government demand that all new personal computers carry Internet filtering software, adding to uproar over a plan critics say is ineffective and intrusive.
(Source: Reuters)
Full story

Wednesday, June 10, 2009
The takedown last week of a rogue ISP by the U.S. Federal Trade Commission (FTC) slashed spam volumes by about 15% and reduced the spam spewed by a pair of big-name botnets by as much as 64%, a security firm said today.
"Spam dropped 15% across the board," said Bradley Anstis, director of technology strategy at Marshal8e6. "We especially noticed [the drop] over the weekend," he said, adding that the decline picked up steam slowly.
Last Tuesday, a federal court ordered the plug pulled on 3FN, an ISP operated by Belize-based Pricewert, after the FTC complained that the company hosts spam botnet command-and-control servers, as well as sites operated by child pornographers, identity thieves and other criminals.
(Source: ComputerWorld)
Full story
ComputerWorld
A Chinese developer of pornography filtering software protested reports linking the program to China's broader Internet censorship on Wednesday, after the government ordered that his software be distributed with all PCs sold in the country.
The government edict requiring PC makers to distribute the program touched off concerns that it could be used to block access to politically sensitive material online in addition to pornography.
China says the initiative is meant to protect children from "harmful" online content. The software blocks only illegal materials such as pornography and some content related to gambling and drugs, said Bryan Zhang, the general manager of Jinhui.
(Source: PCWorld)
Full story
PCWorld

Tuesday, June 09, 2009
A woman has been arrested by police in the UK following an investigation into the distribution of child abuse images. The police raided the home of the 39-year-old nursery worker and closed the 60-place nursery during enquiries. Plymouth Commanding Officer Ch Supt Jim Webster stated that the allegations made against the nursery worker raised "serious concerns" and that in response all the parents of children at the nursery are being contacted.
Ch Supt Jim Webster added, "... our work today is to find out what's happened, where the images have come from, where they've been sent to and any risk to anybody in Plymouth..."
(Source: BBC)
Full story
BBC website
A Hampton, New Hampshire, man has pleaded guilty to fraud charges for his role in a scheme to empty brokerage accounts by installing malicious Trojan horse software on victims' computers.
According to court documents, Alexey Mineev set up several "drop accounts" that were then wired funds stolen from banking and brokerage accounts between July and December 2007. He pleaded guilty to one count of money laundering on Wednesday, according to Mike Ruocco, deputy to Judge Paul Gardephe of the U.S. District Court for the Southern District of New York, who is presiding in the case.
The criminals would infect PCs with malicious Trojan software that would steal account numbers and passwords whenever victims logged into their accounts online.
(Source: ComputerWorld)
Full story
ComputerWorld

Monday, June 08, 2009
Movie directors, composers, authors, legal experts, policy-makers and others are meeting in Washington this week to discuss the "threats and opportunities" the Internet poses to copyright in the digital age.
Some 500 delegates from more than 55 countries are scheduled to attend the 2nd World Copyright Summit being held on Tuesday and Wednesday at the Ronald Reagan Convention Center. Web and software giants Google and Microsoft and representatives of movie, music and book rights societies are also among those attending the summit organized by the International Confederation of Societies of Authors and Composers (CISAC), whose president is Bee Gees brother Robin Gibb.
Organizer CISAC, listing the "key issues" for the summit, cited "How the digital media environment is providing common threats and opportunities to all creative repertoires."
French Culture Minister Christine Albanel, Hollywood director Milos Forman and US Senator Patrick Leahy, chairman of the Senate Judiciary Committee, are among the nearly 100 speakers slated to address the gathering. Looming over the summit is the threat posed to artists by digital piracy.
(Source: AFP)
Full story
AFP

Friday, June 05, 2009
"In the week we used the system we found it very useful to pupils, teachers, therapists and parents alike. It allows children to take control of the conversation without having to rely on help from us," Sue Williams, head teacher at Capability Scotland's Corseford School in Kilbarchan, said.
'How was school today?' is software to help children with disabilities such as cerebral palsy communicate faster. The system is the result of a project between computing scientists from the Universities of Aberdeen and Dundee, and Capability Scotland. Pupils from Corseford School in Renfrewshire were first to trial it.
Scientists claim to have developed the first technology of its kind to allow children with communication problems to converse better.
(Source: BBC)
Full story
BBC
British YouTube users are amongst the most sensitive in the world, executives at the site have claimed. Amid demands for an independent regulator to police its content they said Britons are amongst the most likely to object to footage hosted on the site.
The company has reacted by introducing special “Britain-only” policies following a raft of complaints from users over gang-related videos. Victoria Grand, head of policy at YouTube, told The Times: “The UK is a big flagging country. We get a lot of videos flagged up in the UK because of issues that British people are concerned about which maybe aren’t an issue in the US, such as the brandishing of guns.”
(Source: TimesOnline)
Full story
TimesOnline

Wednesday, June 03, 2009
As many as 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense.
The affected sites have been hacked to host JavaScript code that first sends visitors to a fake version of the Google Analytics Web site (the real service provides Web site owners with usage data for their sites) and then on to another malicious site, said Carl Leonard, threat research manager for Websense.
Those Web sites have likely been hacked via a SQL injection attack, in which improperly written Web applications accept malicious input and pass it straight into their database queries, Leonard said.
(Source: ComputerWorld)
Full story
ComputerWorld website
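The item above names the defect (a Web application that splices untrusted input into a database query) and the payload the attackers left behind (a script tag pointing at a lookalike analytics host) without showing either. The following is an added example, not code from the article or from Websense, that puts the vulnerable query beside its parameterised replacement and adds the kind of sweep a site owner can run over stored text columns to find injected script tags. The table, the rows and the placeholder URL are all constructed for the example.

```python
import sqlite3

# Constructed sample catalogue. The third row carries the kind of injected
# <script> tag the article describes; the host name is a placeholder, not a real site.
SAMPLE_ROWS = [
    ("widget", "A plain widget."),
    ("gadget", "A plain gadget."),
    ("gizmo", 'A gizmo.<script src="http://ANALYTICS-LOOKALIKE.example/ga.js"></script>'),
]


def make_db():
    """In-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT)")
    conn.executemany("INSERT INTO products (name, description) VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def search_vulnerable(conn, term):
    """The defect: `term` is concatenated into the SQL text, so a quote character
    in the input changes the structure of the query instead of being treated as data."""
    sql = "SELECT name FROM products WHERE name = '" + term + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def search_hardened(conn, term):
    """Parameterised query: the driver passes `term` separately from the SQL text,
    so whatever it contains can only ever be compared as a value."""
    rows = conn.execute("SELECT name FROM products WHERE name = ? ORDER BY id", (term,))
    return [row[0] for row in rows]


def find_injected_scripts(conn):
    """Defender-side sweep: ids of rows whose free-text column carries a script tag,
    which is how the mass-injection campaign in the article planted its redirect."""
    rows = conn.execute("SELECT id FROM products WHERE description LIKE '%<script%' ORDER BY id")
    return [row[0] for row in rows]


if __name__ == "__main__":
    conn = make_db()
    # The textbook tautology closes the open quote and makes the WHERE clause always true.
    probe = "' OR '1'='1"
    print("vulnerable:", search_vulnerable(conn, probe))   # every row comes back
    print("hardened  :", search_hardened(conn, probe))     # no row has that literal name
    print("injected  :", find_injected_scripts(conn))      # [3]
```

The same parameterisation applies to every driver that supports placeholders; the sweep is only a starting point, since a real clean-up also has to close the hole that let the rows be modified in the first place.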
Spending more time on social networks and blogs? You are not alone: the latest figures show that the number of minutes spent on social networking sites in the United States has almost doubled over the past year.
Nielsen Online, which measures web traffic, said the number of minutes on social networks in the United States rose 83 percent in April from the same month a year ago, but found users were quick to move on and sites could quickly fall from favor.
The total number of minutes spent on Facebook surged 700 percent year-on-year to 13.9 billion in April this year from 1.7 billion a year ago, making it the No. 1 social networking site for the fourth consecutive month. News Corp's MySpace was second most popular but the number of minutes spent on this site fell 31 percent to 4.97 billion from 7.3 billion a year ago, although it remained the top social networking site when ranked by video streams.
(Source: Reuters)
Full story
Reuters website

Monday, June 01, 2009
An Australian woman who cyber-stalked an American Idol contestant was jailed for 26 months. Tanya Maree Quattrocchi pleaded guilty to stalking 2004 American Idol runner-up Diana DeGarmo by hacking into her MySpace account and hijacking email accounts belonging to the singer, national news agency AAP reported.
Victorian County Court judge Lisa Hannan described Quattrocchi's offences as serious and said she had no option but to send her to jail. "It is important that you understand the fact you perpetrated your offending using cyberspace does not diminish its significance," Melbourne's Herald Sun newspaper quoted Hannan as saying. She said the victims of such crimes had no doors to lock or alarms to activate, adding: "They are constantly vulnerable."
(Source: AFP)
Full story
AFP website
Accessing your bank account using your mobile phone might seem safe, but security experts say would-be hackers can access confidential information via a simple text message seemingly from your service provider.
People in the industry aware of the risk see it as extremely small, as only a few people use handsets to access their bank accounts, but it is growing as mobile Internet usage rises.
(Source: Reuters)
Full story
Reuters website

Friday, May 29, 2009
President Barack Obama is calling digital security a top priority, whether it's guarding the computer systems that keep the lights on in the city and direct airliners to the right runway or those protecting customers who pay their bills online.
Obama is expected to lay out broad goals for dealing with cyber threats while depicting the U.S. as a digital nation that needs to provide the education required to keep pace with technology and attract and retain a cyber-savvy work force. He also is expected to call for a new education campaign to raise public awareness of the challenges and threats related to cyber security.
(Source: AP)
Full story
AP website

Thursday, May 28, 2009
ID theft victims are much more likely to get hit with fraudulent charges on their credit cards or debit cards, according to a new study from the Identity Theft Resource Center that tracks the effects of ID theft.
Repairing the damage from ID theft involves some out-of-pocket cost for things like police reports, photocopying and travel, ranging from an average of $739 for damage done to an existing account to $951 for the aftermath of a fraudulently opened new account. The real pain, however, comes from the time spent dealing with the mess: it took 58 hours on average to deal with ID theft involving existing accounts, and a painful 165 hours for new accounts, the study found.
(Source: PCWorld)
Full story
PCWorld website
Spammers seem to be working a little bit harder these days, according to Symantec, which reported Tuesday that unsolicited e-mail made up 90.4 percent of messages on corporate networks last month. That represents a 5.1 percent increase over the previous month's figure, but it's nothing out of the ordinary. For years, spam has made up somewhere between 80 percent and 95 percent of all e-mail on the Internet.
Symantec reported that nearly 58 percent of spam is now coming from so-called botnets -- networks of hacked computers that can be misused by criminals to steal financial information, launch attacks or send spam. The worst of the spamming botnets -- called Donbot -- generates 18.2 percent of all spam, according to Symantec.
These botnet computers can be rented out on the black market by anybody, but in recent months some spammers have been moving away from botnets, experimenting with a new way to sneak their unwanted e-mail past corporate filters, according to Adam O'Donnell, a researcher with antispam vendor Cloudmark.
(Source: PCWorld)
Full story
PCWorld website

Wednesday, May 27, 2009
A Taiwanese man has been arrested for allegedly swindling more than 200 million Taiwan dollars (6.25 million US) from 50 women in one of the largest cyber scams in the country, police said.
The suspect, Chuang Shih-chung, claimed to be working for a Malaysian investment firm and encouraged the women he met on online dating sites to buy overseas stocks through him, said the Criminal Investigation Bureau.
At least 50 women from across Taiwan have fallen victim to the 31-year-old, who was arrested on Tuesday with four accomplices, the bureau said, adding that more victims have subsequently contacted the police.
(Source: AFP)
Full story
AFP website
With US government and private computer networks facing increasing attack, the White House announced that President Barack Obama would unveil a report on US cyber security on Friday.
"The report is an important first step towards securing our nation's cyber infrastructure," White House spokesman Robert Gibbs told reporters. "The administration recognizes the very serious threats public- and private-sector networks face from cyber crime and cyber attack," he said.
"Recognizing these threats, the president has elevated cyber security to a major administration priority," Gibbs added.
(Source: AFP)
Full story
AFP website

Tuesday, May 26, 2009
The American Academy of Pediatrics has released a report showing that there are some significant factors which increase the likelihood of online sexual abuse of girls. The researchers suggest that 'girls are more likely to experience online sexual advances or have offline encounters if they have previously been abused or have a provocative avatar'.
Sites such as Facebook and MySpace allow individuals to describe themselves and post photographs; the type of photographs and the accompanying text give individuals their online identity and directly affect their online behaviour and interaction.
The authors suggest that "...self-presentations can change the way Internet users interact in a manner that increases the risk for online sexual advances...".
(Source: CNN)
Full story
CNN website

Monday, May 25, 2009
California has petitioned the U.S. Supreme Court to reinstate a law to keep violent video games out of the hands of anyone under 18. A U.S. Court of Appeals revoked the law in February. Gov. Arnold Schwarzenegger urged the court to let parents decide. But the Entertainment Software Association called the petition a "complete waste" of time.
The law was passed by California legislators in 2005 but was blocked by the video-game industry. Brown and Schwarzenegger compared the ban on violent games to banning pornography.
"I signed this important measure to ensure parents are involved in determining which video games are appropriate for their children," Schwarzenegger said. "By prohibiting the sale of violent video games to children under the age of 18 and requiring these games to be clearly labeled, this law would allow parents to make better informed decisions for their kids."
(Source: NewsFactor)
Full story
NewsFactor website

Friday, May 22, 2009
Video-sharing website YouTube has removed hundreds of pornographic videos which were uploaded in what is believed to be a planned attack.
The material was uploaded under names of famous teenage celebrities such as Hannah Montana and Jonas Brothers. Many started with footage of children's videos before groups of adults performing graphic sex acts appeared on screen. YouTube owner Google said it was aware and addressing the problem.
Under other uploaded videos, online users posted comments such as: "Take the tags off, you'll get us caught." Another said: "Your gonna kill us all!" As the disturbing videos were being uploaded, many viewers added them to their favourites and rated them highly.
(Source: BBC)
Full story
BBC website
China has targeted cybercrime in three new sets of regulations issued this month as the activity starts to look like an established industry in the country.
Cybercrime in China has grown such that attackers often divide the labor needed to design malware, distribute it and turn the resulting access to remote PCs into monetary gain, security analysts say.
Over 1.2 million computers in China in 2008 were infected by software that let an attacker control them as part of a botnet, according to the Ministry of Industry and Information Technology (MIIT).
(Source: PCWorld)
Full story
PCWorld website

Thursday, May 21, 2009
Identity thieves that hit Facebook last week with a new round of phishing attacks are harvesting passwords for profit.
The newest Facebook attacks resemble previous phishing rounds in their tactics: A compromised account sends a malicious link to friends. That link leads to a site that mimics the legitimate log-in page. But users duped into entering their usernames and passwords are likely giving away more than just their Facebook credentials.
"It's not surprising that they're targeting Facebook," said Kevin Haley, a director on Symantec's security response team. "Facebook has, what, 200 million-plus users? The bad guys always go where there's a lot of people."
(Source: PCWorld)
Full story
PCWorld website
Militants and hate groups increasingly use social networking sites such as Facebook, MySpace and YouTube as propaganda tools to recruit new members, according to a report by the Simon Wiesenthal Center.
The report was based on "over 10,000 problematic Web sites, social networking groups, portals, blogs, chat rooms, videos and hate games on the Internet which promote racial violence, anti-semitism, homophobia, hate music and terrorism."
Examples of what the report calls "digital terrorism and hate" range from a Facebook group named "Death to gays" in Croatian to a YouTube video of a Koran being burned and various Web sites promoting militant groups such as Hezbollah, the Taliban, al Qaeda and Colombia's FARC.
(Source: REUTERS)
Full story
REUTERS website
Researchers from Cambridge University have found that many photos were still accessible on a number of social networking sites including Facebook, even after having been deleted.
The researchers reported that Flickr and Google's Picasa performed better, while Microsoft's Windows Live Spaces removed the photos immediately.
A Facebook spokesperson stated: "When a user deletes a photograph from Facebook it is removed from our servers immediately. However, URLs to photographs may continue to exist on the Content Delivery Network (CDN) after users delete them from their Facebook, until they are overwritten. Overwriting usually happens after a short period of time".
(Source: BBC)
Full story
BBC website

Wednesday, May 20, 2009
The UK Child Exploitation and Online Protection (CEOP) Centre reports in its Annual Review that it had assisted in protecting '139 children and disrupted 82 paedophile networks' during the past year.
The types of crimes, in the UK and abroad, cover a wide range of offences, from possession of indecent images of children to rape.
Jim Gamble, CEO of CEOP, stated, "...This is not about technology - this is about people. There is no distinction between the online and offline worlds... This is about the behaviour of offenders manipulating any environment to abuse children..."
CEOP's Annual Review showed that there was a "fast and growing trend" of grooming through social networking sites and warned that mobile Internet access was "placing new and additional responsibilities on parents".
Mr Gamble added, "...Child protection is everybody's business and we should afford our children the same protection online that we would give them in the park or playground".
(Source: BBC)
Full story
BBC website
New York State Attorney General Andrew Cuomo's office reports that a group of 7 individuals operated a 24-hour prostitution service called 'Room Service Entertainment' from Craigslist's erotic services section.
Cuomo's office added that Craigslist was the "sole vehicle through which the company operated". The advertisements listed included either a pornographic or semi-pornographic photograph with a phone number "to arrange a date". If found guilty of enterprise corruption, the group of 7 could all face up to 25 years in prison.
In a written statement, Andrew Cuomo stated, "Until Craigslist gets serious about putting real protections in place, it will continue to be an environment where criminal operations thrive with impunity".
(Source: CNN)
Full story
CNN website

Tuesday, May 19, 2009
CNN reports on the sentencing of Lori Drew, convicted of three misdemeanour counts of accessing protected computers without authorisation to obtain information to cause emotional damage to Megan Meier.
Mrs Drew was accused of fraudulently using the MySpace site to pose as a teenage boy who pretended to be interested in Megan Meier. Tragically, Meier committed suicide after the "boy" made disparaging remarks about her online.
(Source: CNN)
Full story
CNN website

Sunday, May 17, 2009
ContactPoint, the £224 million database containing details of all children in England, has finally been launched following two delays due to data security concerns. This information will be available to 390,000 childcare professionals, who must have undergone 'stringent security training'.
Although the UK government argues that such a database will allow for improved coordination in the services provided to children, a 2007 report by auditors Deloitte and Touche stated that it could never be secure.
(Source: BBC)
Full story
BBC website

Friday, May 15, 2009
Recent sexting (the sending of naked or partially clothed photos of an individual to others via mobile phones) cases in the USA have led to concern about whether such online behaviour should be classified as a criminal offence or simply a 'misdemeanour'.
Such cases have resulted in police arrests of several adolescents and criminal charges of child pornography.
Sending or distributing explicit images of a child under 18 is illegal in many countries.
Parents are being encouraged to warn their children about the possible consequences of sexting (for both the sender and receiver).
A recent National Campaign to Prevent Teen and Unplanned Pregnancies survey of more than 1000 teenagers in the USA found that one-fifth of 13-19 year olds had actually sent compromising images of themselves via text or online. A third of boys and a quarter of girls reported that they had had nude or semi-nude images, originally meant to be private, shared with them.
Speaking to the BBC, WiredSafety founder Parry Aftab stated, "It is dangerous behaviour that we don't want children to be encouraged to do... Not only could these images end up in the hands of paedophile groups and place kids at higher risk of being targeted, but they could also be subject to extortion by those who have ended up with the images".
(Source: BBC)
Full story
BBC Website

Wednesday, May 13, 2009
"In a document that outlines a Digital Japan Creation Project, dubbed the ICT Hatoyama Plan, Japan’s Ministry of Internal Affairs and Communications revealed plans to build a massive cloud computing infrastructure to support all of the government’s IT systems. Called tentatively the Kasumigaseki Cloud, the new infrastructure will be built in stages from now until 2015."
"The goal of the project is to consolidate all government IT systems into a single cloud infrastructure to improve operation efficiency and reduce cost. 'The Kasumigaseki Cloud will enable various ministries to collaborate to integrate and consolidate hardware and create platforms for shared functions,' according to MIC. 'Efforts will be made to efficiently develop and operate information systems with the aim of greatly reducing electronic government–related development and operating costs while increasing the pace of processing by integrating shared functions, increasing collaboration among systems, and providing secure and advanced governmental services.'
According to the MIC, the Kasumigaseki Cloud will eliminate the need for individual ministries to maintain their own IT systems by consolidating current data centres, and allow each ministry to use only the computer resources necessary through the cloud platform. Additional proposals were put forth to develop and implement ubiquitous Green ICT solutions, including initiatives like the Kasumigaseki Cloud, to boost ICT human resources, and to create 'safe and secure networks' for the public.
Read the full story on Green Telecom here.
This blog entry was shared through Bill St Arnaud's blog spot

Tuesday, May 12, 2009
"Persistent illegal file-sharers should be cut off from the net". BBC reports that: "An alliance of United Kingdom's creative industries wants the government to force internet service providers (ISPs) to disconnect users who ignore repeated warnings about sharing illegal content."
"The creative industries have issued a set of "urgent recommendations" that they want to be included in the United Kingdom government's Digital Britain manifesto. They argue that many jobs in the 800,000-strong sectors of film, TV, music, and software are threatened by illegal file-sharing. However, the Internet Services Providers' Association (Ispa) - a trade body that represents ISPs - said that users could challenge disconnections through the courts and, at present, the technology available for monitoring and detecting illegal sharers was not of a standard "where they would be admissible as evidence in court".
"Suggestions for rights-owners to take many thousands of legal actions seeking damages against individual file-sharers in court are neither practicable nor proportionate and would create a drain on public resources," the joint statement reads. The statement stops short of calling on the government to introduce legislation with detailed technical measures to prevent illegal file-sharing. "Instead, [the government] should provide enabling legislation, for the specific measures to be identified and implemented in an Industry Code of Practice," it recommends.
Read the full story on the BBC website here.

Saturday, May 09, 2009
UK children's charities want to ensure that children do not have access to those online goods which are aimed at adults. To that effect, a private members bill going through the House of Lords will oblige web retailers to have such a system in place.
Charities have fully endorsed this bill following concerns about children purchasing alcohol, knives and violent video games online.
Trading standards officers from a London Council performed tests on a sample of websites in order to establish whether age verification checks were being made. In a controlled test, a 16-year-old managed to purchase pre-paid credit cards which were registered under his true date of birth and address. This adolescent successfully bought knives, drink and adult-rated DVDs as well as games from 12 different online retailers.
Only three of the retailers asked the 16-year-old to confirm his age, and when he "lied" he was not challenged or asked for proof.
Zoe Hilton, policy advisor for the NSPCC, speaking on behalf of the Children's Charities Coalition on Internet Safety, stated, "...Retailers' increasingly successful efforts to control the sale of age-restricted products over the counter on the High Street are being seriously undermined by their failure to take similarly effective steps to limit sales of exactly the same items on the Internet".
(Source: BBC)
Full story
BBC website

Wednesday, May 06, 2009
In the USA, Democratic congresswoman for California, Linda Sanchez, is leading a bill aimed at combatting cyberbullying. However, opponents argue that such a bill silences free speech.
The bill itself, states that any electronic communication (to include emails, blogs, instant messaging and texts) sent to "...coerce, intimidate, harass or cause substantial emotional distress" could result in a fine or a two year prison sentence.
Those who oppose the bill are concerned about honouring the freedom of expression as set out in the US constitution's first amendment. The bill is named after Megan Meier, a Missouri teenager who committed suicide after being the victim of cyberbullying on MySpace.
In the UK, the secretary of state for children, schools and families, Ed Balls, refers to such online abuse as "insidious".
(Source: Guardian)
Full story
Guardian website
The first ever O2 Digital Families Report, released yesterday, showed that families consider the Internet more important than food and other household bills. The telecommunications company O2 polled 500 families in the UK in order to find out which items they were reluctant to cut back on, and found that more than 67% opted for Internet access over school uniforms (59%), family holidays (30%) and their weekly food shopping (24%).
(Source: Telegraph)
Full story
Telegraph website

Friday, May 01, 2009
Although the IWF 2008 Annual Report suggests that there has been a 10% decrease in the number of child abuse websites in the past year, it is important to note that there has been an increase in the serious nature of those abuse images which are still available.
The IWF report shows that among the remaining 1,536 child abuse sites, 74% were for profit while 26% allowed users to share or swap images, and states, "...1,536 domains remains a problem of a scale which can be seriously targeted and significantly disrupted through international efforts".
Peter Robbins, Chief Executive of the IWF said, "These websites, although reducing in number, represent an extremely serious problem."
The methods used by such sites to avoid detection were reported to be more and more sophisticated and include the scrambling of domain names and attempts to hide methods of payment in order to try to remain one step ahead of law enforcement.
(Source: BBC)
Full Story
BBC website

Thursday, April 30, 2009
An American girl chatting on Facebook with a British teenage boy alerted her mother after he admitted that he planned to commit suicide. Without having his address, the girl's mother contacted local police which then led to a series of calls to the White House, the British Embassy in Washington and finally the police in the UK town where the boy was found alive.
(Source: BBC News)
Full Story
BBC Website

Wednesday, April 29, 2009
The ITU Regional Cybersecurity Forum for Africa and Arab States, dedicated to “Connecting the World Responsibly”, aims to identify some of the main challenges faced by countries in Africa and Arab States in enhancing cybersecurity and securing critical information infrastructures.
It will consider best practices, information sharing mechanisms and concrete actions for cybersecurity development, taking into consideration the key principles of matching the borderless, transnational nature of cyber-threats with meeting specific national and regional requirements. The Forum will consider initiatives at the regional and international levels to increase cooperation and coordination amongst different stakeholders. The forum programme will include interactive sessions on the projects and related tools that ITU is working on to assist Member States in developing and implementing cybersecurity capabilities.
Capacity building activities will be undertaken in the following main areas:
- Development of a legal framework;
- Development of watch and warning and incident management capabilities, including the establishment of a national computer incident response team (CIRT); and,
- Actions to be considered when developing a national cybersecurity strategy and harmonization within the key principles of international cooperation.
The event is expected to bring together government representatives, industry actors, and other stakeholder groups from countries on the African continent and the Arab States to discuss, share information, and collaborate on the elaboration and implementation of national policy, regulatory and enforcement frameworks for cybersecurity. It will benefit information and communication policy makers from ministries and government departments; institutions and departments dealing with cybersecurity policies, legislation and enforcement; and representatives from operators, manufacturers, service providers, industry and consumer associations involved in promoting a culture of cybersecurity.
The forum will be conducted in English, Arabic and French with simultaneous interpretation. Participation in the Forum is open to all ITU Member States, Sector Members, Associates, and other interested stakeholders, including representatives from regional and international organizations.
More detailed information about the event (including the draft forum agenda, online pre-registration and fellowship requests for eligible LDCs) can be found on the ITU Regional Cybersecurity Forum for Africa and Arab States website at www.itu.int/ITU-D/cyb/events/2009/tunis/.
Register for the ITU Regional Cybersecurity Forum for Africa and Arab States here.
We look forward to seeing you at the event!
The Times reports that a young German man, David Heiss, became infatuated with Joanna Witton while playing on a cyber war website set up by Joanna and her boyfriend, Matthew Pyke, in the UK.
After seeing her photo on Facebook, Mr Heiss made up his mind that she was the girl for him, sending her a stream of disturbing messages despite her protests that she was already in a relationship.
Travelling to the UK from Germany, Mr Heiss tracked the couple down, committing the murder on his second visit. The killing of the victim was said by the prosecution to be driven by "...obsession for Joanna Witton, who was Matthew's girlfriend, and hatred for Matthew, because he was Joanna's boyfriend".
(Source: The Times)
Full Story
Timesonline website

Monday, April 27, 2009
At the recent RSA Conference 2009 in San Francisco, United States, McAfee CEO DeWalt called for a global security architecture.
"Security threats are on the rise as the economy declines, and the solution will likely come from collaborative partnerships that span all IT platforms and international boundaries." "DeWalt painted a grim picture of the security landscape. Consumer confidence has gone down while unemployment has risen, he said. And as the economy has gone into a tailspin, cybercrime has seen a sharp upward spike, with more malware detected in 2008 than in the previous five years combined. Last year, 80 percent of cybercrimes were financially motivated, he added."
"Many organizations are vastly underprotected or fail to regularly update patches and security software, which have opened up copious threat vectors for attackers, DeWalt said. In addition, the explosion of malicious threats in the last year can also be attributed to lack of user education and best security practices, as well as lack of comprehensive security."
"One of the solutions, DeWalt proposed, would be to build comprehensive security architecture across numerous IT platforms that would be able to interoperate with companies' existing network infrastructure. That architecture would ultimately allow organizations to create correlating reports for every department and system, while allowing greater overall visibility into their organization's network, DeWalt said."
"Cross-platform collaboration provides IT administrators a panoramic view into their network and allows communication across the threat vectors to shore up otherwise unseen security holes."
"That same type of collaborative architecture will ultimately be required to extend across international borders and throughout global networks as the threats continue to become more sophisticated and the attacks more prevalent, DeWalt said. "The most depressing part of this is that we do not have a global architecture in place," he said. "We need to work together. Undoubtedly, (attacks) will continue to increase.""
Read the full story on ChannelWeb.

Friday, April 24, 2009
Following earlier reports of users not being able to delete their personal information, Facebook has now allowed its users to vote on the best way to proceed. In reviewing its policies with users, the popular social networking site has agreed to allow them greater control of their personal data.
After a vote, 75% of respondents were in favour of the proposed changes, which will allow users to own their own information and also have the right to remove it if they so choose.
Founder Mark Zuckerberg explained that the networking site was aiming for a more "...transparent and democratic approach".
(Source: Telegraph)
Full story
Telegraph website
Miguel Angel Mancera, the Attorney General of Mexico City, stated that seven suspects, including a Roman Catholic priest, were accused of distributing over 100,000 child sex abuse images (including pictures and videos) of children worldwide. Among the material taken away by law enforcement were CDs, DVDs and computers.
(Source: CNN)
Full story
CNN website
A new report of the mobile industry shows that some progress has been made by the 26 mobile operators signed up to the "European Framework for Safer Mobile Use by Younger Teenagers and Children” brokered by the Commission in February 2007 (IP/07/139). These operators serve around 580 million customers, 96% of all EU mobile customers. "The new report of the mobile phone industry association shows that mobile operators have started to take seriously their responsibilities to keep children safe when using phones," said EU Telecoms Commissioner Viviane Reding.
50% of 10-year-old, 87% of 13-year-old and 95% of 16-year-old children in the EU have a mobile phone, but half of European parents worry mobile phone use might expose their children to sexually and violently explicit images (51%) or bullying by other children (49%), according to a survey. The European Commission today called on mobile operators to do more to keep children safe while using mobile phones by putting in place all the measures in the voluntary code of conduct, signed by 26 mobile operators in 2007. The report published by the GSM Association, the trade body of the mobile phone industry, showed that national self-regulatory codes based on the framework agreement brokered by the European Commission now exist in 22 Member States, 90% of them in line with the 2007 agreement, and 80% of operators have put in place measures to control child access to adult content.
Read the full EC press release from 20 April 2009 here.
More information on the GSMA report on implementation of the framework agreement on "Safer Mobile Use by Younger Teenagers and Children" can be found here.

Friday, April 17, 2009
The British Computer Society (BCS)'s website shares information and advice on how to stay safe while shopping online in a set of "Golden Rules" compiled by Global Secure Systems (GSS).
The twelve golden rules to safely shopping online include the below (detailed information available on the BCS website):
- Most malware exploits are known problems with software and operating systems. The hacker, or code writer, is relying upon people being lazy and not keeping systems up to date. For this reason it is very important to keep your anti-virus product up to date with the latest signature files and operating system updates from Microsoft.
- Never go online without ensuring you have your personal firewall enabled.
- Don't ever select the remember my password option when registering online as your passwords are then stored on the PC, often in plain text, and are the first thing that a fraudster will target. Some
- Ensure that your credit cards are registered with your card provider's online security services such as Verified by Visa and MasterCard SecureCode.
- Use only one card for online shopping, maintaining a limit on the card as low as possible or even using a top-up card for your online purchasing.
- Be sure to use a credit card and not a debit card.
- Be sure to check your statements regularly, and if there is any sign of irregular activity, report it straight away.
- Always check for the little padlock at the bottom right hand corner of the browser (when using Internet Explorer) before entering your card details.
- Make a habit of checking the site's privacy policy for details of how your personal information will be used and only provide the minimum of personal information, especially in online forms.
- Never shop from sites that you arrive at from clicking links in unsolicited marketing emails (spam).
- It is important to remember that you could be doing everything right, but that the vendor may do something wrong. A vendor may well be storing all your credit card data on a single server.
- Finally, don't rely on previous customers' testimonials - they are part of the organisation's marketing and not necessarily factual. The golden rule of commerce is still the same as it ever was - if the offer looks too good to be true, it probably is!
The full set of "Golden Rules to Safe Internet Shopping" can be found here.
For more information see the British Computer Society (BCS) and Global Secure Systems (GSS) websites.

Friday, April 10, 2009
ITU is pleased to announce the launch of its 2009 Cybersecurity and ICT Applications Essay Competition.
The 2009 ITU Cybersecurity and ICT Applications Essay Competition is open to current students and recent graduates in economics, political science, law, literature, telecommunications, computer science, information systems and related fields between the ages of 20 and 30 years old. The winners of the 2009 Essay Competition will be offered the opportunity of a consultancy contract within the ITU Development Sector's ICT Applications and Cybersecurity Division for three months. The winners will be given a contribution towards the cost of an economy class flight from their place of residence. In addition, they will be paid the sum of CHF 6000 towards living expenses for the duration of the contract.
To enter the competition you need to submit an essay on one of the following essay topics:
- Mobiles for Development: Enabling Low-Cost e-Applications for Rural and Remote Areas (e-Health, e-Government, e-Environment)
- Protecting Children and Youth in the Internet and Mobile Age: Innovative Technical and Social Solutions
- Connecting the World Responsibly: Empowering Women and Girls Through Creative Uses of ICTs
- Personal Information Online (internet/mobiles): Responding to User Safety Concerns
All applications should be submitted online through the competition website.
The deadline for applications is 14 June 2009.
We look forward to reviewing your applications and wish you the best of luck in the competition!

Friday, April 03, 2009
A new anti-piracy law came into force in Sweden on 1 April 2009, and according to traffic data the nation's overall Internet traffic immediately dropped by a significant margin (over 30 per cent).
"The combined traffic passing through Sweden's Internet Exchange Points usually peaks around 160 Gbit/s, but on Wednesday it peaked at around 110 Gbit/s. That's a huge drop in traffic, and is presumably a direct result of less file sharing taking place. ... Another interesting observation is that there was more traffic than usual during the last days before the law took effect. Were people hoarding films and music? On Tuesday (the day before the law went live) traffic peaked at nearly 200 GBit/s, roughly 25% above normal levels."
Read the full story and view the related statistics at CircleID.

Friday, March 27, 2009
The European Commission has unveiled new laws aimed at protecting children from online sexual abuse. As a result, individuals who are found to be guilty of abuses such as online grooming or viewing online pornography, may face criminal prosecution.
(Source: BBC)
Full Story
BBC Website

Thursday, March 26, 2009
An advertising campaign by Beatbullying for its new website CyberMentors was helped by the testimony from boxing champion Joe Calzaghe.
Joe Calzaghe, a spokesperson for Beatbullying, spoke about the misery he suffered during his school years from bullying and how it affected him and changed his personality.
He added, "For two years I was bullied, called names and ignored by former friends which turned me from a happy, out-going kid who enjoyed school and schoolwork, into an introverted wreck, detached from his studies and scared of his own shadow during school hours".
(Source: BBC)
Full story
BBC Website

Wednesday, March 25, 2009
The UK government has unveiled plans to monitor contacts on social networking sites in an effort to “tackle crime gangs and terrorists”, stressing that it “would not keep the content of conversations”.
Following earlier plans to keep all phone calls, e-mails and websites visited on a central database, the UK government has been accused of putting together a “snoopers’ charter” by campaigners for civil liberties.
Amid concerns about security, Liberal Democrat MP Tom Brake stressed his lack of confidence in the security of personal information in a government-controlled database.
Chris Kelly, Facebook's chief privacy officer, called this latest proposal "overkill".
An EU directive to store all Internet traffic data will come into force in the UK on 6th April 2009.
(Source:BBC)
Full story
BBC website

Tuesday, March 24, 2009
A new social network site available only to under-18s, Yoursphere.co.uk, has commissioned a research paper on parental supervision of children online.
Evidence from this Virtual Parenting Report supports the need for more parental supervision for children online.
It suggests that parents should treat their children's online safety as having the same risks as offline safety. There appears to be a false sense of security in parents feeling that their children are less at risk because they are using the Internet whilst in the safety of the family home.
(Source:Telegraph)
Full Story
Telegraph website

Wednesday, March 11, 2009
In the USA, the North Carolina Attorney General, Roy Cooper, has summoned MySpace to provide the identities of registered sex offenders on its site to law enforcement.
Commenting on the responsibility of social networks, Cooper added that, "...MySpace, Facebook and other social networks need to do much more to protect kids online".
North Carolina state passed a law in 2008 banning sex offenders from registering on networks involving children and young people.
(Source:CNN)
Full Story
CNN Website

Thursday, February 26, 2009
The Anti-Phishing Working Group (APWG) and IPC have released a new industry advisory document titled "What to do if your site has been hacked by phishers". The purpose of the document is to provide website owners with specific actions they can take when they have been notified that their website or webserver has been infiltrated and used for phishing.
The document notes that "Some phishers use compromised computers to host malicious or illegal activities, including identity theft, fraudulent financial activities, as well as collecting personal information and business identities from their victims for future use. Others attack or 'hack' into and gain administrative control over the legitimate web sites of businesses and organizations of all sizes. Such hacked web sites disguise the bad acts the phishers perform. More importantly, web site hackers are fully aware that the web sites they hack and 'own' are reputably legitimate."
"Law enforcement and anti-phishing responders respect and operate under established business, technical, and legal constraints when they seek to remedy or take down hacked web sites. These measures protect legitimate web site operators but unfortunately serve the attacker as well by extending the duration of the attack. The Anti-Phishing Working Group (APWG) offers this document as a reference guide for any web site owner or operator who suspects, discovers, or receives notification that its web site is being used to host a phishing site. The document explains important incident response measures to take in the areas of identification, notification, containment, recovery, restoration, and follow-up when an attack is suspected or confirmed. This document serves as a guideline for web site owners."
See the full APWG "What to do if your site has been hacked by phishers" Industry Advisory here.

Monday, February 23, 2009
The ITU has launched new partnerships to help 13 Pacific Island countries develop information and communications technology (ICT) in the region.
In a joint communiqué issued at the end of the Pacific ICT Ministerial Forum, held in Tonga, senior officials from the 13 countries called for greater coordination to minimize overlap in ICT initiatives and maximize the impact of investments in development projects. The ministers, including two Prime Ministers, called for rapid implementation of regional connectivity projects and for reinforced efforts to create more ICT professionals and a workforce with technical skills.
“The Pacific Island countries have clearly stated their objectives and priorities,” said Director of the ITU Telecommunication Development Bureau, Sami Al Basheer Al Morshid. “ITU is fully committed to work with our partners in delivering results for the Pacific Island States,” added Mr. Al Basheer, who announced several new partnerships to assist the countries. “We are building on the expertise and resources of all interested partners to reinforce our collective impact on ICT development in the Pacific.” The Pacific Island ministers also directed officials to work towards establishing a shared regulatory resource centre and encouraged regional States to make full use of ICT for early warning and response systems to improve disaster preparedness.
See the full ITU press release here.

Monday, February 16, 2009
A new report from ITU highlights some harsh realities for the global ICT industry. The report, Confronting the Crisis: Its Impact on the ICT Industry, considers how the industry can position itself for recovery in the future.
Confronting the Crisis: Its Impact on the ICT Industry draws on analysis from leading industry experts and international institutions. As the established order is overturned, it says, convergence in the ICT industry will accelerate, with the emergence of new players with new business models. Firms’ ability to weather the economic storm will depend on their ability to invest for the future and explore new opportunities to benefit from the eventual upturn. For an industry founded on innovation, the current turmoil will create openings for nascent ICT companies.
Confronting the Crisis finds that although credit is now less abundant and more expensive, with financing costs for operators on average 3 − 4 per cent higher year-on-year, savvy operators can take advantage of the economic turmoil to reposition their services for the upturn. Funding is still available for players with sound business models, established demand and early projected cash flows. Alternative sources of financing are now needed, with a growing role for government financing and economic stimulus packages.
Many analysts contributing to Confronting the Crisis underlined the need for ICT as vital services and suggested that fixed-mobile substitution and consumers’ decision to switch to mobile telephony may gain momentum in developed markets during a prolonged recession. The report also notes that long project lead times for the satellite industry mean that it has been less affected in the short term, with strong recent growth in demand from developing countries. The financial difficulties facing the private sector could add to pressure for government intervention in the financing of national backbone infrastructure. Governments are already stepping in to diminish the impact on the transition to next-generation networks (NGN), which can carry voice, data and media services simultaneously. Several administrations have announced commitments to invest in their national backbone infrastructure, while others, such as the European Union, have included the roll-out of broadband networks in their economic stimulus packages. Although the financial crisis may delay investment in NGN, it has also led to a widespread reaffirmation of the importance of building advanced telecommunication infrastructure as part of an economic stimulus package.
See the full press release from 16 February 2009.
The report is available for download here.

Wednesday, February 11, 2009
According to an article in the Indian Hindustan Times, "Indian diplomats now cannot open a Facebook account, use external e-mail services, or write blogs, thanks to new rules and much stricter firewalls aimed at preventing cyber attacks and leakage of classified information. Over the past eight months, the Indian Ministry of External Affairs has been overhauling its computer network security, putting up layers of barriers against intrusions into the network, officials associated with cyber security said. There are almost 600 computers at its headquarters at South Block, about half of which are connected to the Internet. Classified work is typically done on stand-alone computers, usually with the external drives removed. "We have set up a unified threat management system for the ministry. This simultaneously uses eight levels of protection like firewalls and spam mail filtering," said a senior official.
"We are also requesting and encouraging more responsible behaviour from our staff when working online," the official told IANS, requesting anonymity. A circular issued last week asked officials not to log on to social networking sites, specifically citing Facebook, Orkut and Ibibo as examples. The other prohibited practices include download of peer-to-peer music using sites like Kazaa and sharing of photos through Flickr and Picasa. The circular also discourages using services like G-mail, Yahoo! or Hotmail for official communication. A similar circular, officials said, had been issued in the Prime Minister's Office in December. But the matter is even more critical for the foreign office as officials posted in Indian missions abroad or on foreign tours tend to use web-based mail rather than the ministry's own mail system. "We have had cases of senior officers using G-mail or other similar accounts abroad for official work, only to find some form of tampering when they return," the official said, adding people have been told to change their web-mail passwords if they had opened the account during foreign tours. The missions have been told to use their official mail ID issued by the National Informatics Centre for communication. But several missions have complained that the mail home page was inaccessible due to port blocks by local Internet service providers. They have been asked to contact their service providers to unblock the site. "We want to secure communications with Indian missions through private networks. This may be implemented in the next few months," said an official working with the technical team in the ministry.
Read the full article here.

Tuesday, February 10, 2009
Press release issued simultaneously by ITU and European Commission.
Geneva, 10 February 2009 — ITU and the European Commission have joined forces to mark Safer Internet Day. This year, the focus is on protecting children online.
Children are among the most active — and most vulnerable — participants online. According to recent surveys, over 60 per cent of children and teenagers talk in chat rooms on a daily basis. Three in four children online are willing to share personal information about themselves and their family in exchange for goods and services. One in five children will be targeted by a predator or paedophile each year. Protecting children in cyberspace is, therefore, clearly our duty.
"Children are very resourceful in making the most of online services such as social networking sites and mobile phones," said Viviane Reding, European Commissioner for Information Society and Media. "But many still underestimate the hidden risks of using these, from cyber-bullying to sexual grooming online. Today, I call upon all decision-makers, from both the public and the private sector, to listen and learn from children and to improve awareness strategies and tools to protect minors." Ms Reding added: "The Internet binds the whole world together. The safety of children who use it is a concern for everyone. I am therefore very happy that ITU is associated with us in doing this, today on Safer Internet Day, and all year round."
"Child online safety must be on the global agenda," said ITU Secretary-General Hamadoun Touré. "We must ensure that everyone is aware of the dangers for children online. And we want to promote and strengthen the many outstanding efforts that are being made around the world, such as the Safer Internet Programme, to limit these dangers." This year, the 6th edition of Safer Internet Day includes more than 500 events in 50 countries worldwide. ITU and the European Commission will collaborate on this and future events, such as World Telecommunication and Information Society Day, 17 May 2009, which is dedicated to "Protecting Children in Cyberspace". The European Commission’s Directorate General for Information Society and Media has declared its full support for ITU’s Child Online Protection (COP) Initiative. The EC’s Ins@fe Network will launch a Safer Internet Day virtual exhibition which will host pavilions where visitors can learn more about initiatives undertaken by the 50 participating countries. ITU will host an online pavilion in support of EC’s efforts to raise awareness among youngsters aged 12 to 17 regarding the risks they may face online.
ITU and Child Online Protection (COP)
ITU’s motto is "committed to connecting the world", but we are also committed to connecting the world responsibly. That means working together to ensure cybersecurity, enable cyberpeace, and — more importantly — protect children online. While child online protection programmes exist in many developed countries, there are very few in the developing world today — and very little coordination between them. ITU established the Global Cybersecurity Agenda (GCA) and launched the Child Online Protection (COP) initiative. COP aims to bring together partners from all sectors of the global community to ensure a safe and secure online experience for children everywhere.
See the press release here.
Telecommunications company O2 has launched a new book, 'Who Wants 2 No?', aimed at 8-12 year olds in an effort to promote greater Internet safety among children.
Available to schools and libraries, this book also aims to encourage children's literacy skills by providing an enjoyable story as well as an important safety message.
Ronan Dunne, CEO of Telefónica O2 UK Limited, added, "....Technology is available to help keep children safe, but is only part of the solution. It's also important that children learn how to be smart and stay safe as part of their online experiences...."
(Source: www.o2.com)
Read full article

Monday, January 26, 2009
Despite the number of data breaches which have occurred in the UK over the past year, the UK Government has now authorised 390,000 professionals (including local authorities, police, health service and children's charities) to have direct access to contact details on all under-18-year-olds in England.
This £224 million ContactPoint database was developed following the death of Victoria Climbie in 2000, when Social Services were heavily criticised for lack of coordination and adequate follow-up of children at risk.
It is hoped that this database will go some way to preventing children from slipping through the net.
The Conservatives voiced their concern by stating that this database was "another expensive data disaster waiting to happen". The Liberals were equally opposed, calling it an "intrusive and expensive project".
(Source: BBC NEWS)
Full Story
BBC website

Friday, January 23, 2009
NYTimes writes that "A new digital plague has hit the Internet, infecting millions of personal and business computers in what seems to be the first step of a multistage attack. The world’s leading computer security experts do not yet know who programmed the infection, or what the next stage will be. In recent weeks a worm, a malicious software program, has swept through corporate, educational and public computer networks around the world."
"Known as Conficker or Downadup, it is spread by a recently discovered Microsoft Windows vulnerability, by guessing network passwords and by hand-carried consumer gadgets like USB keys. Experts say it is the worst infection since the Slammer worm exploded through the Internet in January 2003, and it may have infected as many as nine million personal computers around the world."
This article was accessed through Dave Farber's list.
See the full article in NYTimes here.

Sunday, January 18, 2009
Well-known British child psychologist Tanya Byron compares the dangers of letting children use the Internet without supervision to allowing them to cross dangerous roads without assistance.
"Government must be co-ordinated in its approach, we must have a national strategy" Byron states, adding,
"Now Obama has laid out his ambitious strategy and France has just published its own, too, there's a bit of a race on to lead the way in protecting children online...."
She encourages parents to take an interest in their children's online activity as well as providing commonsense advice such as putting the family computer in the living room as opposed to the child's bedroom.
(Source:Telegraph)
Full story

Thursday, January 15, 2009
In an article in the Wall Street Journal, Emily Steel looks at who should bear the responsibility for protecting children online following the release of the Internet Safety Technical Task Force report on child e-safety.
Attorney General Roy Cooper of North Carolina is reported as saying, "Clearly the main responsibility is on parents," adding, "..because technology companies are providing the gathering space and encouraging children to come, they have a duty to put in place technologies that can help protect kids".
The article also acknowledges efforts by social networking sites such as MySpace to respond to reports of abuse within 24 hours and to block child predators from their networks.
(Source: Wall Street Journal)
Read article here
Wall Street Journal

Saturday, January 10, 2009
A number of pupils at a London girls' school were suspended after posting "deeply insulting comments" about a staff member, who is reported to be receiving counselling as a result.
The group of girls, aged between 11 and 18, signed up as members of The Hate Society on Facebook. The headteacher of Grey Coat Hospital School, Rachel Allard, stated, "We can confirm that a number of pupils have been given fixed term exclusions for between 2 and 15 days after the school became aware of their involvement in a hate campaign about a member of staff using an open Facebook group..."
(Source: Telegraph)
Full story
Telegraph website

Tuesday, January 06, 2009
In a letter to the Guardian newspaper, John Carr, from the Children's Charities' Coalition on Internet Safety argues that cohesion within the Internet industry can do much to address child online safety "without the need for direct government intervention".
(Source: Guardian)
Read letter here
Guardian website

Tuesday, December 09, 2008
A recent ITU study dedicated to the "Financial Aspects of Network Security: Malware and Spam" (July 2008) reviews some of the current leading thinking and research on the economics of cybersecurity. The full study can be found here.
Security flaws are often due to perverse incentives rather than the lack of suitable technical protection mechanisms. As individuals and companies do not bear the entire costs of cyber incidents, they do not tend to protect their system in the most efficient way. If they did support all the financial consequences, they would have stronger incentives to make their network more secure for the good of all interconnected networks. Measures to improve information security enhance trust in online activities and contribute directly and indirectly to the welfare gains associated with the use of information and communication technologies (ICTs).
However, some expenditure on security is only necessary because of relentless attacks by fraudsters and cyber-criminals that undermine and threaten trust in online transactions. Such costs are not welfare-enhancing but instead a burden on society. Two vectors through which such attacks are carried out are malware and spam. During the past two decades, the production and dissemination of malware has grown into a multibillion dollar business. Damages created by fraudulent and criminal activities using malware and the costs of preventative measures are likely to exceed that number significantly. Malware puts the private and the public sector at risk because both increasingly rely on the value net of information services. Spam and malware have multifaceted financial implications on the costs and the revenues of participants in the ICT value chain. The costs carried by all stakeholders across the value network of information services are affected directly and indirectly by this. But most of the financial flows between the legal and illegal players in the underground cybercrime economy are only partially known. The ITU study is a survey of existing resources and data available when it comes to the economics and financial aspects of cybersecurity.
Access the ITU study on the "Financial Aspects of Network Security: Malware and Spam" (July 2008) here.

Wednesday, December 03, 2008
The 2008 Internet Governance Forum (IGF) is being held 3-6 December 2008 in Hyderabad, India. The third meeting of the Internet Governance Forum will be focusing on the overall theme of ‘Internet For All’. The main sessions are organized as three thematic days under the following headings: ‘Reaching the Next Billion’, ‘Promoting Cyber-Security and Trust’, ‘Managing Critical Internet Resources’ with the last day covering ‘Emerging Issues - the Internet of Tomorrow’ and ‘Taking Stock and the Way Forward’.
Transcripts of the main sessions, webcasts, and contributions to the discussions can be found on the IGF website.

Thursday, November 13, 2008
ITU launched a new initiative today to safeguard children, the most vulnerable users of the Internet. Addressing ITU’s high-level meeting on cybersecurity by video message, UN Secretary-General Ban Ki-moon said, "We have to protect against cyberthreats, especially when they target children. I welcome the ITU’s Child Online Protection (COP) initiative and urge all States to support it."
The Child Online Protection initiative brings together partners from all sectors of the international community with the aim of creating a safe and secure online experience for children everywhere. While the virtual world offers unlimited opportunities in many respects, it is also the hunting ground for cybercriminals and paedophiles. Recognizing that a concerted global effort would be required to ensure that the cyberworld becomes a safe place for young people to work, learn and play, ITU is working with other UN agencies, including UNICEF, UNICRI and UNIDIR.
Building confidence and security
At the World Summit on the Information Society (WSIS) in 2005, ITU was entrusted by leaders of the international community with Action Point C5: "building confidence and security in the use of ICTs". As an intergovernmental organization with a network of 191 Member States and more than 700 Sector Members and Associates, ITU was a logical choice. In 2007, in answer to this responsibility, Dr Hamadoun Touré, ITU Secretary-General, launched the Global Cybersecurity Agenda (GCA), an international framework that addresses 5 main aspects: legal measures; technical and procedural measures; organizational structure; capacity building; and international cooperation. The WSIS outcomes also specifically recognized the needs of children and young people and their protection in cyberspace.
The Tunis Commitment recognized "the role of information and communication technologies (ICT) in the protection of children and in enhancing the development of children" and the need to "strengthen action to protect children from abuse and defend their rights in the context of ICT". The COP initiative is in line with ITU’s mandate to establish the foundation for a safe and secure cyberworld for future generations. The need for COP is clear. A decade ago, there were just 182 million people using the Internet globally — and almost all of them lived in the developed world. By the end of 2008, however, there will be over 1.5 billion Internet users worldwide, and more than 400 million of them will have broadband access — vastly increasing the dangers online, especially for children. With over 600 million users in Asia, 130 million in Latin America and the Caribbean, and 50 million in Africa, the Internet is a growing common resource.
"ITU is the lead UN agency on ICT for Development," said Mr Sami Al-Basheer, Director of the ITU Telecommunication Development Bureau (BDT). "In working towards an all-inclusive information society we must ensure that children everywhere can enjoy the benefits of ICTs while being protected from the risks posed by inappropriate use."
Read the full press release for the COP initiative here.

Saturday, November 01, 2008
The ITU Regional Cybersecurity Forum for Europe and the Commonwealth of Independent States (CIS) was held in Sofia, Bulgaria from 7 to 9 October 2008.
The forum, which was hosted by the State Agency for Information Technology and Communications (SAITC) of the Republic of Bulgaria, aimed to identify some of the main challenges faced by countries in Europe and CIS in developing frameworks for cybersecurity and CIIP, to consider best practices, share information on cybersecurity development activities being undertaken by ITU as well as other entities, and review the role of various actors in promoting a culture of cybersecurity. The forum also considered initiatives on the regional and international level to increase cooperation and coordination amongst the different stakeholders.
Approximately 130 people from 25 countries participated in the event from Europe and CIS, as well as from other parts of the world. Simultaneous interpretation in Russian and English was provided for the participants throughout the forum. Full documentation of the forum, including the final agenda and all presentations made, is available on the event website. The meeting report available on the event website summarizes the discussions throughout the three days of the ITU Regional Cybersecurity Forum for Europe and CIS, provides a high-level overview of the sessions and speaker presentations, and presents some of the common understandings reached at the event.
See the website for further information.

Monday, September 01, 2008
The ITU Regional Cybersecurity Forum for Eastern and Southern Africa was held in Lusaka, Zambia from 25 to 28 August 2008.
The forum, which was hosted by the Communications Authority of Zambia and the Government of Zambia, and jointly organized by ITU and COMESA, aimed to identify the main challenges faced by countries in the region in developing frameworks for cybersecurity and CIIP, to consider best practices, share information on development activities being undertaken by ITU as well as other entities, and review the role of various actors in promoting a culture of cybersecurity. The forum also considered initiatives on the regional and international level to increase cooperation and coordination amongst the different stakeholders.
Approximately 60 people from 21 countries and 4 regional organizations participated in the event. Among the participants were professionals from governments, regulatory authorities, private sector, and civil society. Full documentation of the event, including the final agenda and all presentations made, is available on the event website. The meeting report available on the event website summarizes the discussions throughout the four days of the ITU Regional Cybersecurity Forum for Eastern and Southern Africa, provides a high-level overview of the sessions and speaker presentations, and presents some of the common understandings and positions reached at the event.
The third day of the ITU Regional Cybersecurity Forum, 27 August 2008, was dedicated to specific working sessions on developing national and regional cybersecurity/CIIP capacity through three working groups. The working groups focused on 1) developing a national cybersecurity strategy, 2) legislation and enforcement and, 3) watch, warning, and incident response. In addition to the overall forum recommendations, specific recommendations and suggestions were developed by the three ad hoc working groups: Working Group 1: Regional Approach for the Development of a National Cybersecurity Strategy; Working Group 2: Legal Foundation and Enforcement; and Working Group 3: Watch, Warning, and Incident Response.
See the event website for more information.

Friday, August 01, 2008
The ITU Regional Cybersecurity Forum for Asia-Pacific, and related Seminar on the Economics of Cybersecurity was held in Brisbane, Australia, 15-18 July 2008.
The regional cybersecurity forum, which was hosted by the Department of Broadband, Communications and the Digital Economy (DBCDE), Government of Australia, aimed to identify the main challenges faced by countries in the region in developing frameworks for cybersecurity and CIIP, to consider best practices, share information on development activities being undertaken by ITU as well as other entities, and review the role of various actors in promoting a culture of cybersecurity. The forum also considered initiatives on the regional and international level to increase cooperation and coordination amongst the different stakeholders. The forum, one in a series of regional cybersecurity events organized by the ITU Development Sector (ITU-D), was held in response to ITU Plenipotentiary Resolution 130: Strengthening the role of ITU in building confidence and security in the use of information and communication technologies (Antalya, 2006) and the 2006 World Telecommunication Development Conference Doha Action Plan establishing ITU-D Study Group Question 22/1: Securing information and communication networks: Best practices for developing a culture of cybersecurity.
Approximately 90 people from 27 countries participated in the event, from the Asia-Pacific region, the Pacific Islands, as well as from other parts of the world. Full documentation of the forum, including the final agenda and all presentations made, is available on the event website. The meeting report available on the event website summarizes the discussions throughout the three days of the ITU Regional Cybersecurity Forum for Asia-Pacific, provides a high-level overview of the sessions and speaker presentations, and presents some of the common understandings and positions reached at the event.
The day prior to the start of the ITU Regional Cybersecurity Forum for Asia-Pacific, 15 July 2008, was dedicated to an ITU Tariff Group for Asia and Oceania (TAS) Seminar on the Economics of Cybersecurity. Throughout the seminar the participants learned about the perverse incentives and the new revenue streams that are created by malware and spam, and how they enable legitimate business models (e.g., anti-virus and anti-spam products, infrastructure, and bandwidth) as well as fraudulent and criminal ones (e.g., renting out of botnets, bulletproof hosting, commissions on spam-induced sales, pump and dump stock schemes). Distinguished experts in this area explained how malware and spam create mixed and sometimes conflicting incentives for stakeholders, which complicate coherent responses to the problem. An ITU Study on the Financial Aspects of Network Security: Malware and Spam was presented and discussed at the event.
See the event website for more information.

Monday, May 19, 2008
The Federal Trade Commission has approved four new rule provisions under the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM), which aim to clarify the Act’s requirements.
The new rule provisions address four topics: (1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender; (2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements; (3) a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and (4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.
Continue reading the news release here.
BBC News recently reported the arrest of five hackers described as being among the most active on the internet. The hackers, who include two 16-year-olds, are accused of disrupting government websites in the United States, Asia and Latin America. Spanish police say the hackers co-ordinated attacks over the internet and hacked into 21,000 web pages over two years.
Read the full report here.

Friday, May 16, 2008
As part of the ITU Cybersecurity Internship Programme, ITU launches the 2008 Cybersecurity Essay Competition. The purpose of the ITU Cybersecurity Internship Programme, and related 2008 ITU Cybersecurity Essay Competition, is to increase cybersecurity awareness and give young people, especially from developing countries, exposure to the main issues related to cybersecurity and to the ongoing work of ITU in this area. It is hoped that the fellowships granted to promising students and recent graduates from ITU Member States through the cybersecurity essay competition will help build cybersecurity capacity in developing countries as these interns will be exposed to ITU cybersecurity activities, learn about the main international and regional actors in this field, and constructively contribute with their country-specific insights into ITU cybersecurity-related work. The competition is open to current students and recent graduates in economics, political science, law, literature, computer science, information systems and related fields, between the ages of 20 and 30 years old.
For more information about the programme and competition, visit the programme website.

Monday, April 28, 2008
Information security experts recently revealed that UK government networks and UN computers have been hacked and ensnared in a botnet. According to Websense, the attacks happened in March using some form of SQL injection. The number of computers compromised is impossible to know, but the attack was estimated to have affected around 100,000 URLs. "A victim reaching a hacked site will be redirected to a different page, hosted on a Chinese server. The IP address keeps changing within the JavaScript, making it hard to locate."
Read the full article here.

Tuesday, April 22, 2008
According to the 2007 annual report of China's Computer Emergency Response Team (CN-CERT), released last week, the greatest threat to the nation's portion of the Internet is Trojan horse programs and bot software. Based on CN-CERT's findings, "the number of Chinese Internet addresses with one or more infected systems increased by a factor of 22 in 2007... [and] of 6.23 million bot-infected computers on the Internet, about 3.62 million are in China's address space." The report also reveals that "domain name registration in the nation had almost tripled in the past year, attacks that tampered with legitimate Web sites grew 1.5 times, and malicious drive-by attacks jumped 2.6 times."
The report is currently only available in Chinese.
Read the full article here.

Monday, April 21, 2008
Six new standards enabling a more secure ICT environment have been approved by ITU. Experts say that the standards represent an important achievement reflecting the needs of business in establishing risk management strategies and the protection of consumers.
Three of the ITU-T Recommendations cover a definition of cybersecurity, a standardized way for vendors to supply security updates, and guidelines on spyware. The other three focus on countering the modern-day plague of spam by providing a toolbox of technical measures to help consumers and service providers.
Recommendations on spam are a direct response to a call from the World Telecommunication Standardization Assembly (WTSA), the quadrennial event that defines study areas for ITU-T. Members asked that ITU-T define technical measures to tackle this plague of the digital world following growing global concern at additional costs and loss of revenue to Internet service providers, telecoms operators and business users.
Read the full news article on the ITU-T newslog.
Dan Kaminsky, director of penetration testing at IOActive, Inc., gives a presentation on wildcard and NXDOMAIN redirection services. It discusses typosquatting and DNS ad injection, and provides several examples showing how these phishing trends work. In short, it is quite possible for non-existent domains to be resolved as valid to any arbitrary server, in a way that is nearly undetectable. Kaminsky concludes that "even small amounts of failed net neutrality can lead to catastrophic side effects on Internet security" and that "even if everything was 100% SSL, if the ISP could require code on the box, they could still bypass the crypto, and alter the content."
Access Dan Kaminsky's full presentation here.
On 15 November 2006, a Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on fighting spam, spyware and malicious software was released. "The Commission Communication on a Strategy for a secure Information Society aims at improving the security of network and information at large and invites the private sector to address vulnerabilities in network and information systems that can be exploited to spread spam and malicious software. The Commission Communication on the Review of the EU Regulatory Framework proposes new rules to strengthen security and privacy in the electronic communications sector." This Communication deals with the evolution of spam, and threats such as spyware and malicious software. It also takes stock of efforts made so far to fight these threats and identifies further actions that can be taken, including strengthening Community law, law enforcement, cooperation within and between Member States, political and economic dialogue with third countries, industry initiatives, and R&D activities.
Among the proposed actions in this Communication are:
- Member States and competent authorities are called upon to lay down clear lines of responsibility for national agencies involved in fighting spam, ensure effective coordination between competent authorities, involve market players at national level, drawing on their expertise and available information, ensure that adequate resources are made available to enforcement efforts, and subscribe to international cooperation procedures and act on requests for cross border assistance.
- Companies are encouraged to ensure that the standard of information for the purchase of software applications is in accordance with data protection law, contractually prohibit illegal use of software in advertisements, monitor how advertisements reach consumers and follow up on malpractice, and e-mail service providers to apply a filtering policy which ensures compliance with the recommendation and guidance on e-mail filtering.
- The Commission aims to continue efforts in raising awareness and fostering cooperation between stakeholders. It also aims to continue to develop agreements with third countries including the issue of the fight against spam, spyware and malware, introduce new legislative proposals that strengthen the rules in the area of privacy and security in the communications sector, present a policy on cyber crime, involve ENISA expertise in security matters, and support research and development in its FP7 program.
With the accelerating development and spread of spam, spyware and malicious software, "the Commission is using its role as an intermediary to create greater awareness about the need for greater political commitment to fight these threats."
Read the full Communication here.
More on European Union Laws here.

Monday, April 14, 2008
As an input to its activities on economics of network and information security (NIS), ENISA has commissioned a study identifying barriers and incentives for NIS. The overarching aim of the report is to analyse the economic impact of NIS, to assess added value and contribution to the smooth functioning of the Internal Market for e-Communication. In February 2008, the report entitled "Security Economics and the Internal Market" by Prof. Ross Anderson, Rainer Böhme, Richard Clayton and Tyler Moore was submitted to ENISA, aiming:
- To identify existing economic barriers for addressing Network and Information Security (NIS) issues in a single, open and competitive Internal Market for e-Communication;
- To assess these barriers’ potential impact on the smooth functioning of the Internal Market for e-Communication;
- To identify and analyse incentives (regulatory, non-regulatory, technical, educational, etc.) for lifting these barriers identified to cause distortion of the smooth functioning of the Internal Market for e-Communication;
- And to provide a range of recommendations to relevant actors (decision-makers both at EU and national level, industry, academia, etc.) for policy options, possible follow-up actions and initiatives.
The report identifies relevant groups of stakeholders and assesses their role and responsibilities. In addition, the report offers explanatory and, where possible, causal linkages.
More information on the ENISA website.
Read the full report here.
A report by the European Network and Information Security Agency (ENISA) gives an overview of information security certifications of products, people and processes. It addresses common concepts, definitions and certifications of different types, and clarifies the mandatory and legal background for some certifications. It also explores the analogies and disparities between a number of existing certification schemes. Finally, it analyses current trends in certification and offers six recommendations to improve network and information security in Europe through a wider use of security certification.
Recommendations:
- ENISA recommends that organisations should certify their information security management systems, choose certified security products where possible and encourage information security employees to choose one or more appropriate personal information security certifications.
- Starting from ISO 27001 as the standard of choice for the certification of information security management systems in private and public organisations, the development of the complementary standards of the 27000 family should be encouraged. However, their value must be verified on a case-by-case basis. The case of small or medium-sized organisations deserves particular attention.
- Special attention should be paid to areas where Common Criteria evaluation has become mandatory, and to the impact on the market. The EC should reconsider the feasibility and benefits of extending the intergovernmental Mutual Recognition Agreement on Common Criteria to all Member States as a shared tool contributing to a more secure e-Communication market. Government, vendors and security experts should analyse ways of building solid business models for product certification according to various schemes. Framework Programme 7 should consider sponsoring research to analyse the economics of the certification of products.
- The European Institutions should consider the feasibility of strengthening accreditation schemes related to people certification in IT security as well as a more systematic reference to recognised standards. The European Institutions should also encourage the development of people certification adapted to different types of professional use of IT systems, from the end-user level (Computer Driving Licence) to the most professional (e.g. IT security officer).
- The European Institutions should consider ways to reinforce bridges between education (schools and universities) and the certification process (private training and certificate providers) throughout a professional career.
- At a more individual level, ENISA recommends that the decision to seek a certificate should be based on the following questions: Do I want information security to be my certified profession? Do I want to prove that I can work in information security? Do I want to prove expertise in a very specific area of security? Or do I just want to prove IT skills which include aspects of security?
For more information, please refer to the full report.

Thursday, April 03, 2008
A report by the UK media regulator, Ofcom, has reported that 'millions of children are using social networking websites intended for older users.'
Despite the minimum age requirement of between 13 and 14 years set by Bebo, MySpace and Facebook, the report found that more than 25% of UK 8-11 year olds have a social network profile.
The Home Office is due to disclose a set of guidelines for such sites involving best practice, security and privacy on Friday 4th April.
This report by Ofcom showed a "significant difference" between the perception of risks in using social network sites between parents and children.
James Thickett, Ofcom's director of market research, stated, "While people are aware of the status of their profile, there is a general lack of awareness of the issues attached to them around privacy and safety". He also added, "People put aside concerns about privacy and safety believing they have been taken care of by someone else".
The lack of child protection in such social network sites is further demonstrated by the following Ofcom figures:
- 41% of children allowed their profile to be viewed by anyone
- 16% of parents did not know if their child's profile could be seen by strangers
The vulnerability of children (especially younger ones) to online predators cannot be ignored and Mr Thickett goes on to say,
"Children are using these sites with a far lower awareness of some of the issues and rules that these sites entail".
Ofcom plan to monitor and review the new guidelines agreed by social networks and the Home Office.
Dr Rachel O'Connell, Bebo chief safety officer, said, "We're working with the regulatory bodies. It's critical to our business that we adhere to these guidelines".
For more information see BBC and The Guardian.

Thursday, March 27, 2008
The Guardian newspaper reports that the first UK national strategy for child Internet safety (which includes a streamlined system for classifying computer games and codes of practice for social networking sites) will be set out today, 27th March 2008.
This comprehensive and detailed report, carried out by child psychologist Dr Tanya Byron, showed that parents are worried about online predators and children are worried by cyber bullying.
One of her proposals includes new codes of practice to regulate social networking sites, such as Bebo and Facebook, and standards on privacy and harmful content.
Dr Byron states that these social networking sites should be asked to agree on codes of practice on harmful content and calls for an independent body to evaluate whether the site is meeting such standards.
She is planning to say that the online explosion has rendered parents "the Internet immigrants" and children "the Internet natives", leaving parents lagging behind as a result of the fast pace of technology.
Dr Byron is reported to have said yesterday, "Ironically parents' concerns about risk and safety of their children in the streets and outside has driven a generation of children indoors, where it could be argued they are being exposed to a whole new set of risks".
Surprisingly, the British Board of Film Classification system fails to provide any indication about the actual content of computer games or to explain their age rating.
Full article here.

Wednesday, March 26, 2008
The UK government is pledging action to protect teachers from bullying through mobile phones and the Internet.
During the NASUWT Annual Conference 24-27 March 2008, Secretary of State for Children, Schools and Families, Ed Balls, is expected to address union members declaring that the cyber bullying of teachers should be regarded as a "serious disciplinary offence".
A "cyber bullying taskforce" for England will be responsible for preventing teachers from being targeted by pupils.
NASUWT leaders (the largest UK wide teachers' union) want mobile phones classified as "potentially offensive weapons" as well as a ban on online allegations. Until now the government taskforce has focused on the effects of cyber bullying on children, but with the increasing numbers of teachers being harassed online, the situation for teachers can no longer be ignored.
The cyber bullying taskforce includes representatives from anti-bullying and children's charities, the Internet industry and teachers' groups.
The general secretary of NASUWT, Chris Keates, stated, "I am pleased the government accepts that we need strong policies in schools which focus on teachers. Increasingly, teachers' lives are being destroyed by what pupils are doing" and added, "pupils who once had to content themselves with exhibiting poor behaviour when face to face with the teacher, now increasingly use technology to support their indiscipline. Relying on industry self-regulation to resolve this problem is the equivalent of waiting for hell to freeze over".
Read full article at BBC website.

Tuesday, March 25, 2008
Another "security lapse" has allowed unauthorised access to personal photos posted on Facebook. What makes this situation all the more worrying is that it happened after a recent upgrade to the website's privacy controls.
This incident was verified by the Associated Press after they were alerted by computer technician, Byron Ng.
Facebook spokeswoman, Brandee Barker stated, "We take privacy very seriously and continue to make enhancements to the site".
This latest lapse is yet another warning about the dangers of sharing photographs and personal information online, even when such websites attempt to assure their members that their information cannot be accessed by everyone.
Even after such warnings, increasing numbers of teenagers and young adults are still publishing personal details on the Internet.
MySpace.com, the only online social network larger than Facebook, also experienced a similar security lapse last year.
Full story at CNN website.
Reuters recently reported on cyber warfare, from the Cold War Soviet oil pipeline explosion to the current information security situation. "The pipeline explosion was probably the first major salvo in what has since become known as cyber warfare. The incident has been cropping up in increasingly urgent discussions in the U.S. on how to cope with attacks on military and civilian computer networks and control systems - and how and when to strike back. Air traffic control, power plants, Wall Street trading systems, banks, traffic lights and emergency responder communications could all be targets of attacks that could bring the U.S. to its knees."
According to Director of National Intelligence Michael McConnell's testimony to a Senate committee, "[the US] information infrastructure - including the Internet, telecommunications networks, computer systems and embedded processors and controllers in critical industries - increasingly is being targeted... by a growing array of state and non-state adversaries." The Pentagon adds that it detects three million attempts to infiltrate its computer networks every day. A report by the US Government Accountability Office, based on an audit of 24 government agencies including Defense and Homeland Security, showed that "poor information security is a widespread problem with potentially devastating consequences", a problem that inevitably involves the private sector, since private companies own more than 80 percent of the infrastructure.
"Unlike traditional defense categories (i.e. land, sea and air), the military capabilities required to respond to an attack on U.S. infrastructure will necessarily involve infrastructure owned and operated by the private sector," according to Jody R. Westby, CEO of Global Cyber Risk and a champion of better public-private coordination to cope with cyber attacks.
The article further discusses the importance of public-private coordination and the power of botnets in this warfare. A scenario of the damage extent and how the cyber warfare may unfold was also drawn from an interview with Westby.
Read the full article here.

Wednesday, March 19, 2008
An unexplained "security breach" at the US supermarket chain Hannaford Bros. resulted in 1,800 cases of fraud reported to date, after about 4.2 million unique card numbers were exposed. This is reported to be one of the largest data breaches ever.
Although the supermarket chain is said to have become aware of the breach on February 27, 2008, investigators report that it actually began on December 7, 2007 and Hannaford Bros. vice president of marketing, Carol Eleazer stated that, "it wasn't contained until 10 March, 2008".
The company's president and CEO, Ronald C. Hodge, stated, "We have taken aggressive steps to augment our network security capabilities. Hannaford doesn't collect, know or keep any personally identifiable customer information from transactions".
The US Secret Service, whose duties include investigating electronic crimes such as data breaches, confirmed that they are investigating this case.
Beth Givens, director of Privacy Rights Clearinghouse, said that debit card holders involved in this incident were most at risk of fraud. Banks generally cover the costs of fraudulent charges on credit cards, but proving fraud may be harder once a criminal has cleared out an individual's bank account.
Visa and MasterCard state in their contracts with retailers that they do not divulge the source when a data breach occurs. Such a rule does nothing to help either the customer or the retailer in these situations.
Following criticism of the delay in notifying the public about this breach, Carol Eleazer said, "We moved with all deliberate speed to get out to customers with information that we could have confidence in..."
Read full article at CNN website.

Tuesday, March 18, 2008
Once again parents in the UK are being warned by teachers about the possible dangers to children by Internet and mobile phone misuse.
A survey of the Association of Teachers and Lecturers' members reports that more than half are aware of pupils being "cyber bullied" and 16% have been victims themselves.
Dr Mary Bousted, General Secretary of the Association of Teachers and Lecturers calls for more serious consequences and policies which might deter such behaviours. She then went on to suggest that as most cyber bullying takes place outside school hours, it might be difficult for teaching staff to take action.
What about the parental role? With parents complaining that their young children are watching pornography in the school playground on their mobile phones, it seems that the call to engage parent-teacher dialogue is not before time.
Unfortunately the situation is more complex, as Dr Bousted points out the difficulty in punishing children for such behaviours without the complete support of the parents, adding, "...it's not just students who can behave inappropriately through the Internet, it's parents as well".
Read full article at BBC website.

Monday, March 17, 2008
The Washington Post's Security Fix features an article on vishing scams reporting three recent vishing attacks and how these attacks were done. According to the article, a series of well-orchestrated wireless phone-based phishing attacks against several financial institutions took place last week illustrating how scam artists are growing more adept at fleecing consumers by exploiting security holes in seemingly unrelated Internet technologies.
"The scams in this case took the form of a type of phishing known as "vishing," wherein cell-phone users receive a text message warning that their bank account has been closed due to suspicious activity, and that they need to call a provided phone number to reactivate the account. Victims who called the number reached an automated voice mail box that prompted callers to key in their credit card number, expiration date and PIN to verify their information (the voice mail systems involved in these sorts of scams usually are run off of free or low-cost Internet-based phone networks that are difficult to trace and shut down)."
The article also pointed out the importance of installing the latest security updates on the Web servers as well as the use of non-obvious passwords to help mitigate these kinds of vishing attacks.
Read the full article on the Washington Post.
Once more there is some discussion about privacy laws regarding the content of e-mails. This time it concerns the publishing of letters reportedly sent by e-mail by an aide to the Mayor of London, Ken Livingstone. The American writer GK Chesterton is said to have argued that the best reason for leaving the country and moving to the city was to avoid everyone knowing your business.
Such a move might be laughable now, as it appears that privacy no longer exists. The author Clive James suggests,
"...every computer you sit down at, is a direct pipeline to universal publicity for any thought you dare to express..."
Indeed with the planned closure of around 3000 post offices in London, sending a letter by post may soon be a thing of the past.
Full article at BBC website.

Friday, March 14, 2008
Thorsten Holz writes about Measuring and Detecting Fast-Flux Service Networks on the Honeyblog, a weblog that deals with IT-security related stuff, honeypots/honeynets, malware and bots/botnets. Findings on a lab project focusing on fast-flux service networks (FFSNs), a mechanism used by attackers to build an overlay network on top of compromised machines, were published in a paper at NDSS'08.
The paper presents the first empirical study of fast-flux service networks (FFSNs), a newly emerging and still not widely-known phenomenon in the Internet. "Through [their] measurements [they] show that the threat which FFSNs pose is significant: FFSNs occur on a worldwide scale and already host a substantial percentage of online scams. Based on analysis of the principles of FFSNs, [they] developed a metric with which FFSNs can be effectively detected. " Possible mitigation strategies are also discussed in the document.
Read the full paper here.
More about the paper on Honeyblog.

Thursday, March 13, 2008
Time Warner's AOL Internet Division is buying the social networking site Bebo for $850m in cash.
Social networking sites are valuable to online advertisers because the information posted by members lets advertisers target them with the products and services that match their profiles.
Bebo is reported to have 40 million members worldwide, many of whom are within the 13-24 year old age range and thus attractive to advertisers. ComScore report that Bebo is the UK's second most popular social networking site after Facebook. In the US, Bebo is the third biggest social networking site, after MySpace and Facebook. ComScore report that Bebo is the world's ninth most popular social site.
Read full article at BBC website.
On 11 March 2008, the Initiative for the Regional Integration of South American Infrastructure (IIRSA) and the Inter-American Communications Commission (CITEL) jointly organized at the Inter-American Development Bank (IDB) headquarters a workshop on International Roaming Services for Mobile Telecommunications, the first component of an IDB Technical Cooperation to support the project known as Implementation of a Roaming Agreement in South America, included in IIRSA’s Implementation Agenda Based on Consensus. Following this event was the XII meeting of the Permanent Consultative Committee on Telecommunications I (PCC.I) of CITEL, held at the IDB’s headquarters, in Washington D.C., from 12 through 14 March 2008, during which telecommunication-related topics deemed important for the region were discussed, such as the coordination of standards for telecommunication networks and services, convergence, analysis of cybersecurity issues and critical infrastructure and the use of telecommunications in emergencies, among others.
A presentation on the Overview of ITU-D Activities Related to Cybersecurity and Critical Information Infrastructure Protection was given by Robert Shaw, head of the ICT Applications and Cybersecurity division, during the CITEL meeting, providing background information on ITU, cybersecurity, related ITU key activities underway, and an outline of the Framework for Organizing a National Approach to Cybersecurity. Specific cybersecurity-related activities and initiatives as well as a case study on botnets were also presented.
Another presentation on Management Framework for Organizing National Cybersecurity/CIIP Efforts was given by Joe Richardson, further discussing the ITU Framework for Organizing National Cybersecurity/CIIP Efforts and the ITU National Cybersecurity/CIIP Self-Assessment Toolkit.
For more information on CYB's activities involving cybersecurity, visit the division website.

Tuesday, March 11, 2008
The ICANN Security and Stability Advisory Committee (SSAC) recently released an advisory on fast and double flux attacks. "'Fast flux' is an evasion technique that cyber-criminals and Internet miscreants use to evade identification and to frustrate law enforcement and anticrime efforts aimed at locating and shutting down web sites used for illegal purposes." This Advisory describes the technical aspects of fast flux hosting and fast flux service networks. It explains how the DNS is exploited to abet criminal activities that employ fast flux hosting, identifies the impacts of fast flux hosting, and calls particular attention to the way such attacks extend the malicious or profitable lifetime of the illegal activities conducted using these fast flux techniques. It describes current and possible methods of mitigating fast flux hosting at various points in the Internet. The Advisory discusses the pros and cons of these mitigation methods, identifies those methods that SSAC considers practical and sensible, and recommends that appropriate bodies consider policies that would make the practical mitigation methods universally available to registrants, ISPs, registrars and registries (where applicable for each).
Read the full advisory here.
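Both the NDSS'08 paper above and this SSAC advisory describe the same observable fingerprint of a fast-flux service network: repeated lookups of one name keep returning fresh A records, the addresses are scattered across many autonomous systems (compromised home machines rather than a hosting provider), and TTLs are short so clients re-resolve often. The following Python detector is an added example written for this page, not code from either document; the IP-to-ASN table, the sample lookups, and the weights and threshold are all constructed assumptions (the paper's own published metric is not reproduced), and the CDN sample shows the caveat that short TTLs and many addresses alone are not enough.

```python
"""Toy fast-flux service network (FFSN) detector over DNS lookup samples.

Added example for this page, not code from the NDSS'08 paper or the ICANN
SSAC advisory. It combines the signals both describe in prose with
illustrative, assumed weights and an assumed threshold.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple


@dataclass(frozen=True)
class Lookup:
    """One DNS answer for a name: the A records returned and their TTL."""
    ttl: int
    addrs: Tuple[str, ...]


# Constructed IP-to-ASN table standing in for a BGP or whois data source.
# Addresses are documentation / benchmark ranges; ASNs are made-up values.
ASN_OF: Dict[str, int] = {
    # one hosting provider, four real servers in a single network
    "203.0.113.10": 64500, "203.0.113.11": 64500,
    "203.0.113.12": 64500, "203.0.113.13": 64500,
    # a content delivery network: many edge nodes, but only two networks
    "198.51.100.1": 64510, "198.51.100.2": 64510, "198.51.100.3": 64510,
    "198.51.100.4": 64511, "198.51.100.5": 64511, "198.51.100.6": 64511,
    # compromised broadband hosts scattered across consumer ISPs
    "192.0.2.33": 64520, "192.0.2.77": 64521, "198.18.4.1": 64522,
    "198.18.9.200": 64523, "198.19.1.5": 64524, "198.19.6.6": 64525,
    "100.64.2.2": 64526, "100.64.9.9": 64527, "100.64.7.7": 64520,
    "198.18.77.1": 64522,
}


def flux_features(lookups: Iterable[Lookup]) -> Tuple[int, int, int]:
    """Return (distinct A records, distinct ASNs, minimum TTL) over all lookups.

    An address with no ASN mapping is counted as its own unknown network,
    so missing data cannot hide a spread of hosts.
    """
    lookups = list(lookups)
    addrs = {a for lk in lookups for a in lk.addrs}
    asns = {ASN_OF.get(a, a) for a in addrs}  # str value = unknown AS
    min_ttl = min(lk.ttl for lk in lookups)
    return len(addrs), len(asns), min_ttl


def flux_score(lookups: Iterable[Lookup], w_addr: float = 1.0,
               w_asn: float = 10.0) -> float:
    """Weighted diversity score (weights are assumed, not the paper's).

    ASN spread is weighted much more than raw address count because a
    legitimate CDN also rotates many addresses, but inside few networks.
    """
    n_addr, n_asn, _ = flux_features(lookups)
    return w_addr * n_addr + w_asn * n_asn


def is_fast_flux(lookups: Iterable[Lookup], threshold: float = 40.0,
                 max_ttl: int = 300) -> bool:
    """Flag a name when its diversity score crosses the assumed threshold and
    at least one answer used a short TTL, which flux networks rely on so that
    clients keep re-resolving to freshly recruited proxies."""
    lookups = list(lookups)
    _, _, min_ttl = flux_features(lookups)
    return min_ttl <= max_ttl and flux_score(lookups) >= threshold


# Constructed samples: repeated lookups of three names over a few minutes.
BENIGN = [  # long TTL, a few servers, one network
    Lookup(3600, ("203.0.113.10", "203.0.113.11")),
    Lookup(3600, ("203.0.113.12", "203.0.113.13")),
]
CDN = [  # short TTL and many addresses, but they sit in only two networks
    Lookup(20, ("198.51.100.1", "198.51.100.2", "198.51.100.3")),
    Lookup(20, ("198.51.100.4", "198.51.100.5", "198.51.100.6")),
]
FLUX = [  # every answer is a fresh set of hosts spread over many ISPs
    Lookup(30, ("192.0.2.33", "198.18.4.1", "198.19.1.5")),
    Lookup(30, ("192.0.2.77", "198.18.9.200", "100.64.2.2")),
    Lookup(30, ("198.19.6.6", "100.64.9.9", "100.64.7.7", "198.18.77.1")),
]

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("cdn", CDN), ("flux", FLUX)):
        print(name, flux_features(sample), flux_score(sample),
              is_fast_flux(sample))
```

In practice the lookups would be collected by re-resolving a suspect name at intervals shorter than its TTL and the ASN table would come from live routing data; only the FLUX sample should trip the detector here.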

Monday, March 03, 2008
The UK industry watchdog, the Press Complaints Commission (PCC), will undertake an investigation into the use of material taken from personal profiles on social networks by newspapers.
Tim Toulmin, director of the PCC has said that his organisation had received complaints from people about material "that is being re-published when they themselves are the subject of news stories", and suggests that guidelines are necessary in order to guide the press in their use of social network content. Due to the present lack of boundaries, the PCC has commissioned Ipsos MORI to conduct research into public attitudes. In addition, Mr Toulmin points out that social networking sites have a responsibility to advise their users about the implications of uploading personal information to public, or semi-private spaces and goes one step further, saying, "..the press do have obligations over and above those that govern the online community".
However, Bob Satchwell, Director of the Society of Editors stated that the press should be subject to the same regulation as the public.
The recent media interest in the large number of suspected suicides among young people in Bridgend, UK, has caused concern about the way social network profiles were being used by journalists.
The British Journal of Photography has stated that the publication of images on social networks does not automatically grant rights to republish the photographs elsewhere.
Read full article on BBC website.
The European Commission recently proposed a new Safer Internet programme to enhance the safety of children in the online environment. Encompassing recent communications services from the Web 2.0, such as social networking, the new programme will fight not only illegal content but also harmful behaviour such as bullying and grooming. With a budget of €55 million, the programme, which builds further on the successful Safer Internet programme started in 2005, will run from 2009 to 2013.
The proposed new programme will:
- Reduce illegal content and tackle harmful conduct online.
- Promote a safer online environment.
- Ensure public awareness.
- Establish a knowledge base.
Read the full press release here.
For more information on the Safer Internet Programme, click here.

Wednesday, February 27, 2008
Websense Security Labs has discovered that Google's popular web mail service Gmail is being targeted by recent spammer tactics. In these attacks the spammers built bots capable of signing up for and creating random Gmail accounts for spamming purposes. Websense believes that, from the spammers' perspective, there are four main advantages to this approach. First, signing up for an account with Google gives access to its wide portfolio of services. Second, Google's domains are unlikely to be blacklisted. Third, the accounts are free. And fourth, the accounts are hard to track, as millions of users worldwide use various Google services on a regular basis. According to Websense, these accounts could be used by spammers at any time to abuse Google's infrastructure, and a wide range of attacks is possible because the same account credentials work across the various services Google offers.
A detailed analysis report shows the entire process used by the CAPTCHA-breaking hosts. Read more about the analysis report here.
The Australian federal Government's plan to have internet service providers filter pornography and other internet content deemed inappropriate for children is going full steam ahead. The Government wants to evaluate content filters in a controlled environment, and trials are to be conducted soon in a closed environment in Tasmania. Enex TestLab was selected more than six months ago after the Australian Communications and Media Authority (ACMA) closed a tender for an organisation to test ISP-based content filters. ISP-based filters will block inappropriate web pages at service provider level and automatically relay a clean feed to households; to be exempted, users will have to individually contact their ISPs. The trial will evaluate ISP-level internet content filters in a controlled environment while filtering content inappropriate for children, Enex said. "We invite vendors of all types (hardware appliances, software - proprietary or open-source) of ISP-based internet content filters to participate." The testing is slated for completion by July and will be followed by live field trials.
The internet sector has consistently voiced concern about the Government's ISP filters. Internet Industry Association chief executive Peter Coroneos has said any clean feed policy would have to be balanced against the likely financial and performance costs, and ACMA's first annual report to Senator Conroy confirmed his fears. On the performance impact of filters, ACMA said: "In the case of personal computers the cost of upgrading processing power may be modest (although significant in terms of household income). However, for ISPs the cost of upgrading or augmenting the expensive hardware that they typically deploy may be substantial, particularly for small providers."
Read the full article on the Australian IT.

Tuesday, February 26, 2008
According to a report from vendor McAfee, the growing number of cyber criminals in parts of Asia and Eastern Europe is the result of a lack of IT jobs for qualified professionals. Joe Telafici, vice president of operations at McAfee, says that "the motivation to engage in illegal behavior is strong in Eastern Europe where technical skills were widely taught during the Cold War but economic opportunities are limited. The same is true in Asia, where population growth has stretched strong economic performance to the limits." In China, 43 per cent of IT graduates are unemployed, and hacker "training" web sites are creating a pool of effective malware authors and paying them as a legitimate business would.
Read the full article here.

Friday, February 22, 2008
The ITU Regional Cybersecurity Forum ended yesterday following the adoption of the Doha Declaration on Cybersecurity. The ITU Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection (CIIP) was held in Doha, Qatar, 18−21 February 2008 in collaboration with the Qatar Supreme Council of Information and Communication Technology (ictQATAR) and the Qatar Centre for Information Security (Q-CERT). Over 80 representatives from 18 countries in the Arab region as well as key regional organizations including the League of Arab States, Gulf Cooperation Council, and United Nations Economic and Social Commission for Western Asia, participated in the Forum.
"Global interconnectivity creates new interdependencies and risks that need to be managed at national, regional and international levels," said Mr Sami Al Basheer Al Morshid, Director of ITU’s Telecommunication Development Bureau. "The formulation and implementation by all nations of a national framework for cybersecurity and critical information infrastructure protection represents a significant first step in addressing the challenges arising from globally interconnected ICT infrastructures."
During the event, the role of governments in leading national cybersecurity efforts was discussed as well as the critical role of the private sector and other groups in developing policy and law aimed at the implementation and operation of a national cybersecurity strategy. The Forum stressed the importance of reviewing national cybercrime legislation to address threats in cyberspace and called for a national focal point for cyber-incident management to strengthen watch, warning, investigation, response and recovery. Discussions were also held on the necessity of promoting a national culture of cybersecurity to ensure that all users, owners and operators of information systems and networks know their responsibilities with regard to security and develop appropriate tools to combat cyber attacks.
Referring to the recent damage to undersea optical cables, said by the operator FLAG to have been caused by an adrift ship anchor, Mr Al Basheer said that experience is the hardest teacher. "Whatever the cause, whether intentional or not, whether cybercrime or a mundane accident, the lesson we take away is that every nation needs to organize itself to take coordinated action related to the prevention of, preparation for, response to, and recovery from cyber incidents," said Mr Al Basheer.
Read more of the ITU press release here.

Thursday, February 21, 2008
According to reports, DDoS (Distributed Denial of Service) attacks on online gambling sites, particularly major online poker websites, have surfaced this week. The online poker information portal Poker-king.com advised that many online poker and casino properties have suffered outages, naming Full Tilt Poker as probably the most visible, with its website inaccessible for as long as 48 hours and probably incurring serious losses in business. As of 5 am EST Tuesday, the website is redirecting to www2.fulltiltpoker.com as a consequence of the attacks. According to the ShadowServer.org organisation, the attacks on Internet gambling sites commenced on 10 February 2008 and continued through to 18 February 2008. Among the targets were Full Tilt Poker, Party Casino, Titan Poker, Virgin Games, CD Poker, Europa Casino, and a number of Russian online gambling sites including Pokerlistings.ru. The extent of the outage for each site varied with the ferocity of the attack and whether the site had any anti-DDoS measures in place. Full Tilt Poker is clearly still having issues, while a number of the Russian web properties are still down. There have been reports that Full Tilt's poker room has crashed numerous times over the past few days, including an embarrassing outage during the final table of the FTOPS main event. The motive behind the attacks is still unknown.
Read the full report here.

Friday, February 15, 2008
Once more there is controversy over a new database, due to go online in September 2008, which will hold the school records of all UK pupils aged 14 and over. Amid security concerns from a number of sources, the British government is under pressure not to implement it.
The Learning and Skills Council (LSC) insist that it is not a "tracking system" and would in fact be using existing information that had been collected a number of times already. David Russell, national director of resources at the LSC, said "It will only hold factual information such as name, surname, age, postcode, qualifications achieved and courses attended."
Under the Managing Information Across Partners (MIAP) system - to be launched on Thursday 21 February 2008 by Higher Education Minister Bill Rammell - each pupil's number will stay with them until they retire.
However, data security watchdog, the Information Commissioner stated that no database could be totally secure and a spokesman added, "We have provided advice and assistance to help ensure that this system is watertight and secure - but no system is immune to human error and breaches can and do occur..."
Last year, the British government put another planned database of children, ContactPoint, on hold, pending a security review and changes to the system including its access controls. ContactPoint is designed for use by child protection agencies. The review was ordered after the loss by HM Revenue and Customs of two discs containing the personal and bank details of 25 million people.
Read full article at the BBC News website
The ITU-D secretariat's derived base version of the October 2007 draft of the Study Group Q.22/1 Report on Best Practices for a National Approach to Cybersecurity: a Management Framework for Organizing National Cybersecurity Efforts is now available online.
This report provides national administrations with a management framework for addressing cybersecurity at the national level and for organizing and implementing a national cybersecurity strategy. As existing national capabilities vary greatly and threats constantly evolve, the report does not provide a prescriptive approach to securing cyberspace. Rather, the framework describes a flexible approach that can assist national administrations to review and improve their existing institutions, policies, and relationships addressing cybersecurity issues.
Although this report is focused on cybersecurity, we note that protection of physical network assets is an equally important priority. We also note that best practices in cybersecurity should in no way suppress freedom of speech, free flow of information and/or due process of law.
The five key elements outlined in this report are:
- Developing a National Strategy for Cybersecurity;
- Establishing National Government–Industry Collaboration;
- Deterring Cybercrime;
- Creating National Incident Management Capabilities; and
- Promoting a National Culture of Cybersecurity.
This document is based on studies underway in the ITU Telecommunication Development Sector's ITU-D Study Group Question 22/1: Securing information and communication networks: best practices for developing a culture of cybersecurity.
To continue reading the report, click here.
More information on ITU-D activities related to cybersecurity here.

Wednesday, February 13, 2008
Safer Internet Day, 12 February 2008, was marked around Europe with events to educate children and parents about Internet dangers. A spokeswoman for the Child Exploitation and Online Protection Centre (CEOP), which is coordinating the UK's involvement, said its efforts were focused on getting schools to run assemblies that discuss the issue: "it is about them talking about the issue, the personal information they put online and their social networking profiles". Dr David King, chair of the Information Security Awareness Forum (ISAF), voices his concern about the growing number of messages aimed at young people: "There are a lot of messages coming out from lots of different places but the question is who do you listen to?". ISAF plans to produce best practice guides for businesses, to run events to raise awareness about computer security, and to collaborate with the web-safety campaign Get Safe Online to promote security awareness.
Read full article at the BBC News website.

Tuesday, February 12, 2008
According to the Washington Post, new research from Damballa suggests that the Storm worm has its roots in the "Bobax worm," a computer worm that first surfaced as early as 2004. Bobax spread by exploiting various vulnerabilities in the Microsoft Windows operating system and turned infected machines into spam-spewing zombies. Damballa researcher Chris Davis asserts that the Storm worm actually first surfaced in late 2006, as seen in this SANS Internet Storm Center alert of 29 December 2006. On 19 January, F-Secure reported receiving a flood of spam advertising new versions of Storm. Researchers soon discovered that all infected systems were controlled using the eDonkey peer-to-peer (P2P) file-sharing protocol, the same technology and networks used by millions of people to share movies and music online. Paul Royal, Damballa's principal researcher, said "they basically took Bobax and made all of them become Storm victims, and then started the propagation of Storm through that method. So Storm used a big botnet to bootstrap itself, and it was the vehicle by which Storm became very popular very quickly." Damballa estimates that roughly 17,000 systems remain infected with Bobax.
Read the full article on the Washington Post.
InSafe, the European network of Internet safety awareness nodes, holds its 5th Safer Internet Day today, 12 February 2008, dedicating time in schools to reflect on Information and Communication Technology issues and, more importantly, to raise awareness of them. A competition launched in October 2007 invited young people between 5 and 19 years of age to share their online lives and compete for prizes. This year's theme is "Life online is what YOU make of IT." With this, young people were encouraged to draw on their creativity to illustrate their views of the online world.
More information about the Safer Internet Day 2008 on the InSafe website.

Thursday, February 07, 2008
With the rise of initiatives such as One Laptop Per Child (OLPC) and Intel's Classmate, security experts warn that this development could mean an explosion of botnets in the developing world. However, Ivan Krstic, OLPC's director of security hardware, points to the choice of Linux as the operating system for the computers, emphasising that an attack seeking full control of the machine would have to target the kernel, and that kernel vulnerabilities are patched very quickly, making it difficult to keep bots running on them. The machine can optionally run Windows XP, however, in which case all the usual Windows security concerns apply.
"The bigger problem in the long term may be the developing world's choice of operating system. 'Most of the machines we are shipping have Windows on them. That's the operating system most countries want,' says Intel. It adds that teachers will receive training from Intel to monitor the network and will be able to see if changes have been made to the machines: 'Some schools using the computers will have a teacher who is responsible for security on their networks, others will have an IT person.' As a last resort the Classmate, like the OLPC XO, can be wiped clean and restored to its factory settings. But while Windows has its problems, Linux may not offer much better protection, says Guillaume Lovet, a botnet expert for Fortinet. 'The first botnets were Stacheldraht, Trinoo and TFN, and were built in Linux,' says Lovet. He also dismisses claims that the low bandwidth and internet use in parts of the developing world - the World Economic Forum's 2007 Africa Competitiveness Report estimated that African internet use was just 3.4% of the world total - would act as a brake on the development of botnets. 'It doesn't take any bandwidth to control or make a botnet,' Lovet says. 'Aggregated bandwidth is what is important, and that would still be massive. You could still build a huge cyber-weapon with only a thousand of these machines.'"
Intel and OLPC point out that the laptops will often have only intermittent connectivity, which could lower the risk of infection, though it could equally lower the chances of receiving security updates. Rolf Roessing, a security expert for KPMG, notes: "if we are to bring IT to Africa then it will not work unless we bring security with it. Computer security in the west grew because of a loss of innocence and there are still weaknesses in the developed world because of a lack of awareness. If you bring IT to developing countries then you have to develop awareness, too."
Read the full article on The Guardian.

Tuesday, February 05, 2008

Friday, February 01, 2008
The recent Internet outage has left experts speculating that there may be greater demand for telecom capacity in the future. Reports indicated difficulty receiving data sent from the United States to countries affected by the cable damage, with an average 50% increase in the time it takes to download Web sites and a 10% decrease in the availability of Web sites overall, Keynote Systems said. Abelardo Gonzalez, a product manager at Keynote, believes the damaged cable incident will spur many global companies to think about new ways of staying connected to the Web in case of emergencies. He adds that companies should look into backup connectivity by multi-homing across more than one ISP, or even a satellite uplink for last-resort connections.
The damage to the cables has raised concerns about future incidents in which a greater number of cables could suffer more significant levels of destruction. Paul Polishuk, president and chairman of the board of the IGI Group of Companies, says one problem with many of the underwater cable systems is that many cables join together at shared landing points, which could leave large swathes of telecom infrastructure vulnerable to potential terrorist attacks. Andrew Odlyzko, director of the University of Minnesota's Digital Technology Center, shares Polishuk's concern about the cables' vulnerability and thinks that any significant damage to cables at major landing points would have serious economic consequences, as was evident after the 2006 earthquakes that severely disrupted Taiwan's Internet access.
Read the full article on Network World.

Thursday, January 31, 2008
Nnamdi Chizuba Anisiobi, age 31, of Nigeria; Anthony Friday Ehis, age 34, of Senegal; and Kesandu Egwuonwu, age 35, of Nigeria have pleaded guilty to charges related to spam e-mail that promised U.S. victims millions of dollars from an estate and a lottery, the U.S. Department of Justice announced Wednesday. The three were arrested in Amsterdam on February 21, 2006. In one of the schemes, the defendants sent an e-mail to thousands of potential victims purporting to be from an individual suffering from terminal throat cancer who needed assistance distributing approximately US$55 million to charity. According to the DOJ, the fraud victims lost $1.2 million by paying advance fees to the defendants. "Anisiobi pled guilty to one count of conspiracy, eight counts of wire fraud and one count of mail fraud. Ehis pled guilty to one count of conspiracy and five counts of wire fraud. Egwuonwu pled guilty to one count of conspiracy, three counts of wire fraud and one count of mail fraud. The maximum penalty for mail and wire fraud is 20 years in prison. The conspiracy charge carries a maximum penalty of five years in prison." A fourth defendant, Lenn Nwokeafor, was reported to have fled to Nigeria. He was subsequently arrested by the Nigerian Economic & Financial Crimes Commission on July 27, 2006, and is now being held by the Nigerian authorities pending extradition to the U.S.
Read the full article on The New York Times.

Wednesday, January 30, 2008
The Wall Street Journal recently reported on President Bush's move to improve protection against cyberattacks. Despite promising a frugal budget proposal next month, an estimated $6 billion has been allocated to build a secretive system protecting U.S. communication networks from attacks by terrorists, spies and hackers. "Administration officials and lawmakers say that the prospect of cyberterrorists hacking into a nuclear-power plant or paralyzing Wall Street is becoming possible, and that the U.S. isn't prepared. This is 'one area where we have significant work to do,' Homeland Security Secretary Michael Chertoff said in a recent interview."
Read the full article on the Wall Street Journal.

Monday, January 28, 2008
Net-Security.org recently interviewed Nitesh Dhanjani and Billy Rios, well-known security researchers who recently managed to infiltrate the phishing underground. The interview gives readers a rundown of how Dhanjani and Rios saw an extraordinary amount of sensitive customer account information, obtained the latest phishing kits, located and examined the tools used by phishers, trawled sites buying and selling identities, and even social-engineered a few scammers. In the interview they also expose the tactics and tools that phishers use, illustrate what happens when your confidential information is stolen, and discuss how phishers communicate and how they phish each other.
Read the full interview here.
According to security experts at Sophos, 6,000 newly infected webpages are discovered every day, 83 per cent of which belong to innocent companies and individuals unaware that their sites have been compromised. Sophos further reports that the well-known IFRAME vulnerability in Internet Explorer remained the preferred vector for malware attacks throughout last year, with China (51.4 per cent) and the US (23.4 per cent) leading the security firm's list of malware-hosting countries. According to PandaLabs, "around half a million computers are infected by bots every day... [and] approximately 11 percent of computers worldwide have become a part of criminal botnets, which are responsible for 85 percent of all spam sent."
Read the full article on The Register.
Read relevant article on Slashdot.

Thursday, January 24, 2008
E360 Insight, LLC filed a complaint against Comcast Corporation on 15 January 2008 accusing the latter of unfairly blocking e360's e-mail from reaching subscribers. According to e360, in one typical instance it received an error message stating that its e-mail was blocked from reaching subscribers because Comcast's filters determined that e-mail from e360's servers had been "sent in patterns which are characteristic of spam." According to Direct magazine's report, "the complaint claims that Comcast's alleged interference with e360's business relationships cost the firm $4.5 million a year from 2005 through 2007. The complaint also accuses Comcast of sending e360 bogus bounce information, causing the marketer to remove e-mail addresses from its file that were still active. The suit claims the false bounce information cost it almost $2.5 million." E360 asks for more than $12 million in compensatory damages and $9 million in punitive damages from the accused.
Read the full complaint here.

Tuesday, January 22, 2008
The past week marks the one-year anniversary of the emergence of the spam-enabling Storm worm, a tenacious strain of malicious software that probably says more about the future of online crime than almost any other malware family circulating online today. A chronological account from security firm Trend Micro visually sums up Storm's evolution. Dmitri Alperovitch, director of Secure Computing, said federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that U.S. authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside.
Alperovitch believes the majority of Storm worm victims are Microsoft Windows users who for whatever reason have ignored the best advice of security professionals by not running anti-virus software and/or regularly applying software security updates. Indeed, the infection statistics seem to support that analysis. According to Vincent Gullotto, head of Microsoft's security research and response team, Microsoft's "malicious software removal tool" -- shipped as part of its monthly patch updates -- has removed an average of 200,000 versions of the Storm worm from Windows systems each month since November, when the software giant first started shipping removal routines for Storm.
According to Trend, nearly 12,000 pieces of Storm-connected malware were unleashed online over the past year (this includes the Trojan that drops the payload, the Storm worm itself, and the regular -- sometimes hourly -- updates pushed out to infected machines to stay a step ahead of any anti-virus software installed on the host system). As big as Storm got this past year, Symantec's numbers help put things in perspective: Storm-related malware made up slightly more than one-quarter of one percent of all potential malicious code infections in 2007, Symantec said.
Read the full article on the Washington Post.

Romanian artist Alex Dragulescu, a research assistant at the Massachusetts Institute of Technology's Sociable Media Group, puts a face to threats such as Storm and Netsky. "Dragulescu created his so-called 'threat art' in conjunction with live malware intercepted by e-mail security firm MessageLabs. Each is disassembled into a dump of binary code and then run through a program Dragulescu wrote. That program spends a few hours crunching through all the data, looking for patterns in the code that will determine the shape, color and complexity of each piece of threat art."
According to the Washington Post's article, the configuration of these created organisms is driven largely by the botnets' actions. Dragulescu explains that if there is a repeated attempt to write to a system memory address, a particular Windows API call that tries to write to a file or [blast out e-mail], for instance, the program tracks that and looks for the prevalence, number and behavior of those occurrences.
Dragulescu's other threat art includes his "spam architecture" and his "spam plants", the latter of which take their form from rules that look at the ASCII values (the numeric codes that represent text characters) of each spam sample.
For more of Dragulescu's images, check out his Web site and the MessageLabs threat art page.
Read the full article on the Washington Post.

Monday, January 21, 2008
Information Week reports that the CIA admitted on Friday at a New Orleans security conference that cyberattacks have caused at least one power outage affecting multiple cities outside the United States. According to Alan Paller, director of research at the SANS Institute, CIA senior analyst Tom Donahue confirmed that online attackers had caused at least one blackout. Which foreign cities were affected by the outage, and other details of the attack, were not disclosed. According to Paller, a written statement from Donahue read, "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."
The conference was about sharing data on cyberattacks against critical utilities and resources, and on methods of attack mitigation. Discussions also covered the new SCADA (Supervisory Control And Data Acquisition) and Control Systems Survival Kit, a document of best practices for SCADA systems.
Read the full article here.

Friday, January 18, 2008
FCW.com reports that "foreign hackers, primarily from Russia and China, are increasingly seeking to steal Americans' health care records, according to a Department of Homeland Security analyst." Two intrusions into health care systems' servers recorded in the past year have alarmed security officials: in early 2007 a Centers for Disease Control and Prevention Web site was infected with a virus, and in April a Military Health System server holding Tricare records was hacked. Mark Walker, who works in DHS' Critical Infrastructure Protection Division, said the hackers are seeking to exfiltrate health care data, probably for espionage. DHS is increasing its analysis staff to monitor threats in several industries, including health care, and will be issuing more alerts about cyberthreats to health care data, he said. He added that DHS wants to build a database of health information system intrusions so it can better analyze the threats and develop countermeasures.
More on this report here.
A growing concern among security companies as well as the public this year is the burgeoning market for "protection rackets." The computer security industry is said to have deteriorated from one that shared everything about newly discovered weaknesses to one in which some of its members are involved in a protection racket. Researchers such as Paul Henry, vice-president of technology at Secure Computing, describe this trend as "a move by a small minority of security companies now paying hackers for exclusive access to newly discovered vulnerabilities. This ensures their customers are protected while the software vendor works out a solution and rolls out a patch, a process that can take weeks." This worries security experts because hackers are now being given a so-called legitimate route for selling vulnerabilities to a single company, which then protects only its own customers. "They don't have to run the risk of going to jail any more by actually using a vulnerability, they can just threaten you with it and they get paid. It's extortion," says Henry.
Security researchers are said to be drawn to this new practice because of bad treatment by well-known software companies. Henry explains that "there have been cases where people reporting vulnerabilities to software companies have been treated terribly and threatened with legal action because the vendors just don't want to look stupid. Security researchers that have found a vulnerability won't get paid by a vendor, and if they think they actually might end up talking to their lawyers and being threatened, then it's hardly surprising they end up selling vulnerabilities to security companies."
Read the full article on The Guardian.

Wednesday, January 16, 2008
A documentary, "The New Face of Cybercrime," created by Academy Award-nominated director Fredric Golding and presented by Fortify Software, puts a face to the criminals intent on hacking into systems today. It also includes candid interviews with industry leaders and executives of large organizations that are taking steps against these attacks, giving perspective on how they think about these threats and what they are doing about them throughout their companies.

Tuesday, January 15, 2008
The Storm Worm botnet, using its huge collection of infected computers, is now sending out phishing e-mails directing people to fake banking sites that it also hosts on the computers it remotely controls, according to F-Secure and Trend Micro. Storm had not been involved in phishing before this point; according to F-Secure, the new campaign may indicate that Storm's controllers have figured out how to divide the massive army into clusters, which they are now renting out to others. F-Secure and Trend Micro both reported that the phishing scam was using a technique known as fast-flux DNS to keep the phishing site alive. Fast-flux works by constantly changing the IP addresses that the Internet's phone book (DNS) returns for the phishing hostname, with very short record lifetimes (TTLs) so that resolvers keep asking, and by having many computers in the botnet host or proxy the phishing site. This makes blacklisting any single IP address ineffective, and since the site is not hosted by a company that researchers could contact to take it down, the site lives longer.
According to Paul Ferguson, an advanced threat researcher at security giant Trend Micro, the spam e-mails were sent from a different segment of the botnet than the one hosting the phishing sites. The domain used for phishing had been registered only on Monday. Anti-phishing filters, such as the ones bundled into Opera, Firefox and IE7, have become quite good at quickly adding sites to their block lists; however, "the issue becomes how do you work to take it down and find the perpetrators," said Ferguson.
Read Ferguson's article on this incident on Trend Micro's Malware Blog.
Read the full article on Wired Blog Network.
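Fast-flux, as described above, shows up to a resolver as one name cycling through many unrelated addresses with short TTLs. The following is an added example, not from F-Secure, Trend Micro or the original post, of a heuristic a defender can run over DNS resolution logs: it counts, per name, how many distinct addresses and distinct /16 networks were answered inside a sliding one-hour window and checks the smallest TTL seen. The log records, hostnames and thresholds are constructed for the example; the addresses come from the RFC 5737 documentation ranges.

```python
"""Heuristic fast-flux detector over constructed DNS resolution records."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample: (timestamp, queried name, answered A record, TTL in seconds).
# Addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_RESOLUTIONS = [
    ("2008-01-14T10:00:00", "login-example.test", "192.0.2.10", 300),
    ("2008-01-14T10:05:00", "login-example.test", "198.51.100.7", 300),
    ("2008-01-14T10:10:00", "login-example.test", "203.0.113.41", 300),
    ("2008-01-14T10:15:00", "login-example.test", "192.0.2.88", 300),
    ("2008-01-14T10:20:00", "login-example.test", "198.51.100.200", 300),
    ("2008-01-14T10:25:00", "login-example.test", "203.0.113.9", 300),
    ("2008-01-14T10:00:00", "www.bank-example.test", "192.0.2.50", 3600),
    ("2008-01-14T11:00:00", "www.bank-example.test", "192.0.2.50", 3600),
    ("2008-01-14T12:00:00", "www.bank-example.test", "192.0.2.51", 3600),
]


def flux_metrics(records, window=timedelta(hours=1)):
    """Per name: most distinct IPs (and /16 networks) seen in any window, and min TTL."""
    by_name = defaultdict(list)
    for ts, name, ip, ttl in records:
        by_name[name].append((datetime.fromisoformat(ts), ip, ttl))

    metrics = {}
    for name, rows in by_name.items():
        rows.sort()
        best_ips, best_nets = 0, 0
        # Slide a window starting at each observation and count diversity inside it.
        for i, (t0, _, _) in enumerate(rows):
            ips, nets = set(), set()
            for t, ip, _ in rows[i:]:
                if t - t0 > window:
                    break
                ips.add(ip)
                nets.add(ipaddress.ip_network(f"{ip}/16", strict=False))
            if len(ips) > best_ips:
                best_ips, best_nets = len(ips), len(nets)
        metrics[name] = {
            "distinct_ips": best_ips,
            "distinct_nets": best_nets,
            "min_ttl": min(ttl for _, _, ttl in rows),
        }
    return metrics


def is_fast_flux(m, min_ips=5, min_nets=2, max_ttl=600):
    """Constructed thresholds: many addresses, spread across networks, short TTL."""
    return (m["distinct_ips"] >= min_ips
            and m["distinct_nets"] >= min_nets
            and m["min_ttl"] <= max_ttl)


if __name__ == "__main__":
    for name, m in flux_metrics(SAMPLE_RESOLUTIONS).items():
        print(name, m, "FAST-FLUX" if is_fast_flux(m) else "ok")
```

A legitimate site that moves between a couple of addresses in the same network over hours, as the second constructed name does, stays below the thresholds; a name answering six addresses in three networks within 25 minutes with five-minute TTLs does not. The thresholds are a starting point, and large CDN-hosted names will need an allow list.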
The Pushdo trojan, a fairly new and prolific threat being circulated in fake "E-card" emails, is classified as a more sophisticated "downloader" trojan because of its control server. According to the analysis by Secureworks, when executed, Pushdo reports back to one of several control server IP addresses embedded in its code. The server listens on TCP port 80 and pretends to be an Apache webserver. Any request that doesn't have the correct URL format will be answered with the following content:
The Bender Bending Rodriguez text is simply misdirection to mask the true nature of the server - if the HTTP request contains the following parameters, one or more executables will be delivered via HTTP:
The Pushdo controller is preloaded with multiple executable files - the one we looked at contained 421 different malware samples ready to be delivered. The Pushdo controller also uses the GeoIP geolocation database in conjunction with whitelists and blacklists of country codes. This enables the Pushdo author to prevent any one of the malware loads from infecting users located in a particular country, or to target a specific country or countries with a specific payload.
Pushdo's use of the physical hard drive serial number as an identifier not only provides a unique ID for the infected system, but can also reveal information such as whether the code is running in a virtual machine or not. This could be a way for the malware author to spy on anti-virus companies using automated tools to monitor the malware download points.
Another anti-anti-malware function of Pushdo is that it looks at the names of all running processes and compares them to a list of anti-virus and personal firewall process names. Instead of killing off these processes, however, Pushdo merely reports back to the controller which ones are running, by appending "proc=" and a list of the matching process names to the HTTP request parameters. This enables the authors to determine which anti-virus engines or firewalls are preventing the malware from running or phoning home, by their absence from the statistics. This way the Pushdo author doesn't have to maintain a test environment for each AV/firewall product.
Recently, an e-card email containing a newer variant of Pushdo was received. Apparently taking notice that the Bleeding Snort project had published a signature (sid 2006377) to detect the Pushdo request variables in transit, the author has now changed the request to be less fingerprintable. An example of the new request format is:
GET /40e800142020202057202d4443574d414c393635393438366c0000003c66000000007600000002 HTTP/1.0
Apparently, the author of Pushdo is intent on evading detection for as long as possible, in order to have the maximum amount of time to seed Cutwail spambots into the wild. Although it is unclear just how large the Cutwail botnet has become, the ambition of the project rivals that of other more well-known spam botnets, such as Storm.
Read the complete analysis on Pushdo here.
Read the blog entry detailing the trouble Sophos are having with the Pushdo trojan.
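Two of the check-in patterns described above are observable in web-server or proxy logs: a request whose query string carries the "proc=" list of matching process names, and the newer format whose whole path is one long run of hex digits. The following is an added example, not from Secureworks and not the Bleeding Snort signature, of a log scanner that flags both. The log lines are constructed (the hex path is the one quoted in the analysis above); the process names after proc= are placeholders, not real product names.

```python
"""Flag HTTP request lines matching the two Pushdo check-in patterns described above."""
import re
from urllib.parse import parse_qs, urlsplit

# Combined-log-format request line: "METHOD target HTTP/x.y"
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/(?P<ver>\d\.\d)"')
# Newer check-in: the entire path is a long run of hex digits with no extension.
HEX_BLOB_PATH = re.compile(r"^/[0-9a-fA-F]{48,}$")

# Constructed log lines; client addresses and proc= names are placeholders.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Jan/2008:09:12:01 +0000] "GET /index.html HTTP/1.1" 200 1843
10.0.0.7 - - [14/Jan/2008:09:12:09 +0000] "GET /40e800142020202057202d4443574d414c393635393438366c0000003c66000000007600000002 HTTP/1.0" 200 91204
10.0.0.9 - - [14/Jan/2008:09:13:44 +0000] "GET /?proc=example-av.exe,example-fw.exe HTTP/1.0" 200 512
10.0.0.11 - - [14/Jan/2008:09:14:02 +0000] "GET /images/logo.png HTTP/1.1" 200 4021
"""


def classify_request(target):
    """Return (indicator names matched by one request target, process names reported via proc=)."""
    parts = urlsplit(target)
    indicators, reported = [], []
    if HEX_BLOB_PATH.match(parts.path):
        indicators.append("hex-blob-path")
    query = parse_qs(parts.query)
    if "proc" in query:
        indicators.append("proc-parameter")
        # The bot sends a comma-separated list of the security processes it found.
        reported = [p for p in query["proc"][0].split(",") if p]
    return indicators, reported


def scan_log(text):
    """One finding per request line that matches at least one indicator."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        indicators, reported = classify_request(m["target"])
        if indicators:
            findings.append({
                "src": line.split()[0],
                "target": m["target"],
                "indicators": indicators,
                "reported_procs": reported,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["src"], f["indicators"], f["reported_procs"])
```

The proc= list is worth keeping in the finding rather than just counting the hit: it tells the responder which security products were running on the reporting host, which is exactly what the controller learns from it.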
A new-generation worm-botnet known as Nugache, according to Dave Dittrich, might be the most advanced worm/botnet yet. It has no C&C server to target, has bots capable of sending encrypted packets and allows any peer on the network to suddenly become the de facto leader of the botnet. Although numerous worms, viruses, bots and Trojans over the years have had one or two of the features that Storm, Nugache, Rbot and other such programs possess, none has approached the breadth and depth of their feature sets. Rbot, with more than 100 features that users can choose from when compiling the bot, enables two different bots compiled from an identical source to have nearly identical feature sets, yet look completely different to an antivirus engine.
A disturbing concern, experts say, is that there are several malware groups out there right now that are writing custom Trojans, rootkits and attack toolkits to the specifications of their customers, who are in turn using the malware not to build worldwide botnets like Storm, but to attack small slices of a certain industry, such as financial services or health care. A popular example of this is Rizo, a variant of Rbot. Like Nugache and Storm, Rizo has been modified a number of times to meet the requirements of various different attack scenarios. "Within the course of a few weeks, different versions of Rizo were used to attack customers of several different banks in South America. Once installed on a user's PC, it monitors Internet activity and gathers login credentials for online banking sites, which it then sends back to the attacker. It's standard behavior for these kinds of Trojans, but the amount of specificity and customization involved in the code and the ways in which the author changed it over time are what have researchers worried."
To read the full article on Nugache, click here.
More security related news at Schneier on Security.

Thursday, December 20, 2007
The article, Beware, botnets have your PC in their sights, by New Scientist republished by TMCnet, provides a brief discussion of the cybersecurity situation in developing countries and how the current conditions may later evolve into an enormous cybersecurity problem in the coming years. Although hackers and cybercriminals tend to attack computers in developed countries at the moment due to more stable and consistent Internet connectivity, it is foreseen that developing countries may be next in line with the increasing technological developments and initiatives such as the One Laptop Per Child (OLPC) programme and Intel's low-cost Classmate computer. "If thousands of Classmates are distributed without adequate security, or if a previously unknown flaw in BitFrost, OLPC's security system, emerges, the new generation of cheap PCs will lead to problems... The ITU is assuming that attacks of this kind are a foregone conclusion and is organising a global effort to help developing countries fortify themselves against them." ITU, with its Botnet Mitigation Toolkit and Cybersecurity efforts, aims to increase international cooperation among states and provide the training and expertise needed to build CERTs in developing countries.
Read the full article here.
More information on ITU Cybersecurity related activities here.

Wednesday, December 19, 2007
The OPTA Commission has imposed a fine of 1 million Euros on three Dutch enterprises, operating under the company name DollarRevenue, and their two directors, due to their unlawful installation of software on more than 22 million computers belonging to Internet users in the Netherlands and elsewhere. They primarily used misleading files, making Internet users believe that they were about to download apparently innocent files, whereas these actually contained DollarRevenue software. "They also used botnets, thereby installing files without user intervention. Each day 60,000 installations occurred on average. A total of more than 450 million program files were illegally placed on 22 million computers." With the enterprises and their directors having deliberately contravened provisions of the Universal Service and End Users Decree [Besluit universele dienstverlening en eindgebruikers], based on the Telecommunications Act [Telecommunicatiewet] and designed to promote safe Internet usage and to protect the privacy of Internet users, fines totalling 1 million Euros were imposed.
Read the full article on the OPTA website.

Tuesday, December 18, 2007

Monday, December 17, 2007

Friday, December 14, 2007
According to McAfee, the website of the French Embassy in Libya is currently under attack through IFRAME injection. With the visit by Libyan President Muammar Khadafi in the country, controversy is stirring up which has apparently triggered interest among people behind the attack. The iframe routes the victim to sites hosted through Hong Kong provider, then it redirects the victim to Russia and Ukraine where exploit and downloaders are used (Exploit-YIMCAM and downloader-AUD). McAfee warns people not to attempt reaching the site as it is still dangerous.
For more information, visit the McAfee Blog.

Tuesday, December 11, 2007
PC Tools recently discovered a social-engineering attack that uses trickery rather than a software flaw to access victims' valuable information. It is a new program that can mimic online flirtation and then extract personal information from its unsuspecting conversation partners. The program is believed to be making the rounds in Russian chat forums such as CyberLover. According to PC Tools, the "bot" cannot be easily distinguished from a real potential suitor, and the software can work quickly, establishing up to 10 relationships in 30 minutes. It then compiles a report on every person it meets, complete with name, contact information, and photos, which may then be made available for fraudulent activities. "Although the program is currently targeting Russian Web sites, PC Tools is urging people in chat rooms and social networks elsewhere to be on the alert for such attacks. Their recommendations amount to just good sense in general, such as avoiding giving out personal information and using an alias when chatting online."
Read the full article here.

Monday, December 03, 2007
Kelly Jackson Higgins, Senior Editor of Dark Reading, wrote on how cyberwarfare has evolved into a growing underground market. According to experts, international cyber-spying is considered the biggest threat for 2008, with the malware economy mimicking legitimate software markets. Malware suppliers are reportedly offering tools that make it easy for criminals with little technical know-how to commit their crimes, and many now advertise their 'products' and offer support services as a value-add. These, as well as cyber-spying trends, are among the many findings of McAfee's annual Virtual Criminology Report released on 29 November 2007. The report was based on input from more than a dozen security experts from NATO, the FBI, SOCA, The London School of Economics, and the International Institute for Counter-Terrorism.
"What struck me through most of this report is the threat is more evolutionary than revolutionary -- things we've talked about as potentially developing are now status quo," says David Marcus, senior research and communications manager for McAfee. "That's the disturbing part. Cyberwarfare, or state-sponsored malware, is business as usual." According to the report, what further concerns governments is that this malware, as well as the burgeoning market for zero-day exploits, sold in the black market can also be used for targeting government, banks or other sensitive infrastructures, such as the power grid.
Read the full article here.
The CSI Survey 2007, the 12th of its kind, by the Computer Security Institute, aims to raise the level of security awareness, as well as help determine the scope of computer crime in the United States. This year's results strongly suggest that mounting threats are beginning to materialize as mounting losses. The survey results are based on the responses of 494 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities.
Among the key findings from this year’s survey are:
- The average annual loss reported in this year’s survey shot up to $350,424 from $168,000 the previous year. Not since the 2004 report have average losses been this high.
- Almost one-fifth (18 percent) of those respondents who suffered one or more kinds of security incident further said they’d suffered a “targeted attack,” defined as a malware attack aimed exclusively at their organization or at organizations within a small subset of the general population.
- Financial fraud overtook virus attacks as the source of the greatest financial losses. Virus losses, which had been the leading cause of loss for seven straight years, fell to second place. If separate categories concerned with the loss of customer and proprietary data are lumped together, however, then that combined category would be the second-worst cause of financial loss. Another significant cause of loss was system penetration by outsiders.
- Insider abuse of network access or e-mail (such as trafficking in pornography or pirated software) edged out virus incidents as the most prevalent security problem, with 59 and 52 percent of respondents reporting each respectively.
- When asked generally whether they’d suffered a security incident, 46 percent of respondents said yes, down from 53 percent last year and 56 percent the year before.
- The percentage of organizations reporting computer intrusions to law enforcement continued upward after reversing a multi-year decline over the past two years, standing now at 29 percent as compared to 25 percent in last year’s report.
For the complete detailed survey results, click here.
A Taxonomy of Privacy by Daniel J. Solove, an associate professor at the George Washington University Law School, won the Privacy Enhancing Technologies award 2006. This paper attempts to identify privacy problems in a comprehensive and concrete manner, and it aims to guide the law toward a more coherent understanding of privacy and to serve as a framework for the future development of the field of privacy law.
“Privacy is a concept in disarray,” Solove says. “Abstract incantations of ‘privacy’ are not nuanced enough to capture the problems involved. The law has often failed to adequately protect privacy, and privacy problems are frequently misconstrued or inconsistently recognised. Without an understanding of what the privacy problems are, how can privacy be addressed in a meaningful way?”
His taxonomy defines threats to privacy from the perspective of the individual, in four categories of potentially harmful activities — information collection, information processing, information dissemination and invasion. With the help of this more comprehensive taxonomy, Solove hopes that privacy considerations can be better recognised and balanced against opposing interests.
Read the full paper here.

Wednesday, November 28, 2007
ENISA recently launched its latest Position Paper, "Botnets - The Silent Threat", a 12-page paper identifying the roles and structures of criminal organizations that create and control botnets, trends in this type of cyber crime, and online tools to identify and counter malicious code. ENISA points out that browser exploits account for more than 60% of all infections, email attachments for 13%, operating system exploits for 11%, and downloaded Internet files for 9%. It also emphasizes that the main problem is uninformed users. ENISA thus calls for "a more coordinated, cross country cooperation among multi-national law enforcement agencies, Internet Service Providers (ISPs) and software vendors" to combat botnets, and further adds that education of the everyday user is a key measure.
For further information, read ENISA's press release or access the full ENISA Position Paper.

Tuesday, November 27, 2007
USA Today reports on the current spam statistics, and reiterates how spam continues to increase exponentially despite anti-spam software, filters and legislation. According to market researcher IDC, "the total number of spam e-mail messages sent worldwide, 10.8 trillion, will surpass the number of person-to-person e-mails sent, 10.5 trillion." Spam sent is also said to have reached 60 billion to 150 billion messages a day. As for phishing, the Anti-Phishing Working Group said new phishing sites soared to 30,999 as of July 2007, from 14,191 in July 2006. MessageLabs adds that one in 87 e-mails is now tagged as a phishing scam, compared with one in 500 a year ago.
The fight against spam has nonetheless expanded and grown too. The built-in spam defenses of Google's Gmail, social-networking sites such as Facebook and MySpace which enable users to control who has access to their personal profile and to exchange e-mail with friends, family and business associates, and the phishing filters provided by Microsoft in its Internet Explorer browser are some of the common filters made available to users. In the same effort to stop spam, Yahoo, eBay and PayPal recently announced their use of DomainKeys, an e-mail-authentication technology. Other anti-spam technologies include CertifiedEmail from Goodmail Systems, a new breed of e-mail services, and Boxbe. "The multilayered-defense approach has worked to stop such scourges as image spam, which varied the content of individual messages — through colors, backgrounds, picture sizes or font types — to slip through spam filters. Image spam made up half of all spam in January. Since software makers came up with a solution, image spam has dropped to 8% of all spam, Symantec says."
Read the full article here.

Friday, November 23, 2007

Monday, November 19, 2007

Wednesday, November 14, 2007

Tuesday, November 13, 2007
John Kenneth Schiefer, a 26-year-old computer security consultant from Los Angeles has admitted to hacking into computers entrusted to him to create a botnet of as many as 250,000 PCs, which he used to steal money from and identities of unsuspecting consumers and corporations. "Schiefer agreed to plead guilty to four felony charges in connection with the case and faces up to 60 years in prison and a $1.75-million fine, according to court documents filed Friday in federal court in Los Angeles." According to Assistant U.S. Atty. Mark Krause in Los Angeles, Schiefer is the first person to be accused under federal wiretapping law of operating a botnet.
Schiefer stole user names and passwords for EBay Inc.'s PayPal online payment service to make unauthorized purchases and passed the stolen account information on to others. According to the plea agreement, a conspirator named "Adam", who is allegedly a minor, was involved in Schiefer's scam. Schiefer and his accomplices were reported to have used illicit software, which they planted on people's PCs, to spirit account information from a storage area in Windows-based computers. A Dutch Internet advertising company also hired his services to install its programs on people's computers when they consented, but he installed it on more than 150,000 PCs without permission, earning more than $19,000 in commissions.
The federal investigation began in 2005, and the indictment includes "four counts of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud." Schiefer's initial appearance in Los Angeles will be on Nov. 28 and his arraignment on Dec. 3. There is a similar case from May 2006 involving a Downey man, Jeanson James Ancheta, who was sentenced to almost five years in federal prison after pleading guilty to four felony charges for using botnets to spread spyware and send spam.
To read the full article, visit the Los Angeles Times.
Related article also available here.

Monday, November 12, 2007
Microsoft releases the Asia Pacific Legislative Analysis: Current and Pending Online Safety and Cybercrime Laws, a study providing a high-level snapshot of the status of computer security, privacy, spam and online child safety legislation in the Asia Pacific region. Detailed analyses of these laws specific to Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, The Philippines, Singapore, South Korea, Taiwan, Thailand and Vietnam are also provided in this paper. For more information regarding this document, contact Julie Inman Grant, Regional Director, Corporate Affairs of Internet Safety and Security at Microsoft Asia Pacific. More Cybersecurity Legislation and Enforcement related resources are available at the CYB website.

Thursday, November 08, 2007
Baltimoresun.com reports on Bush's announcement of a plan to prevent cyberspace attacks on U.S. interests. A $154 million budget was requested as preliminary funding for the initiative, which current and former government officials say is expected to become a seven-year, multibillion-dollar program to track threats in cyberspace on both government and private networks. Lawmakers who recently received briefings on the initiative, however, continue to have many questions, and some remain concerned about the legality of the program and whether it provides sufficient privacy protections. According to a former government official familiar with the proposal, the total start-up costs of the program are about $400 million. "The proposal 'will enhance the security of the Government's civilian cyber networks and will further address emerging threats,' Bush wrote to Congress as part of his request for additional money for cyber security and other counterterrorism measures. The initiative would first develop a comprehensive cyber security program for the government and then do the same for private networks, the former government official said."
Read the full article here.
Email Submission Operations: Access and Accountability Requirements by Carl Hutzler, Dave Crocker, Pete Resnick, Eric Allman, and Tony Finch has recently been released as Best Current Practice (BCP) 134. This document provides recommendations for constructive operational policies between independent operators of email submission and transmission services to mitigate the propagation of spam and worms. Its goal is to improve lines of accountability for controlling abusive uses of the Internet mail service. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. For more information, click here.

Tuesday, November 06, 2007
According to the Government Accountability Office (GAO), the government's infrastructure sectors' plans lack protection against cyberattacks and disaster, pointing out that none of the sectors included all 30 cybersecurity criteria, such as key vulnerabilities and measures to reduce them. Among the 17 sectors of the government, information technology and communications had the strongest cybersecurity plans, and the agriculture, food and commercial sectors were the least comprehensive, according to David Powner, director of GAO's information technology management issues.
The Homeland Security Department provided a national plan last year for the sectors as a guide for their individual plans. Greg Garcia, DHS’ assistant secretary for cybersecurity and communications, said that DHS acknowledged the shortcomings based on GAO's findings, but he explained that these sector plans, released in May, represent only early efforts. Garcia further added that "sectors are not meant to be uniformly comprehensive in their cybersecurity efforts, and they must balance cybersecurity risk against other risk management efforts and unique aspects of their infrastructure 'based on its dependence on cyber elements.'" GAO recommended that DHS fully address the cybersecurity criteria by September 2008.
Read full article here.
Roger A. Grimes of InfoWorld interviewed Paul Laudanski, founder and leader of CastleCops, a volunteer organization dedicated to fighting malware, spam, and phishing. Paul talked about the effects of DDoS and provided pointers on how to mitigate and ride out an attack. He said that the primary thing to be decided in the case of an attack is whether the company wants to stay in business during the attack or not. If so, all the attack traffic needs to be absorbed along with the legitimate traffic, meaning the broadband connection, routers, firewall, Web servers, and back-end databases have to be able to deal with the attack. He also suggested knowing ahead of time how the company's ISP handles DDoS events. They further discussed how to possibly pursue criminal charges after the attacks. "To be honest, being able to locate and prosecute the DDoS attacker is a long shot. The lack of cohesive communications between all the parties that need to be involved in an investigation, the legal implications of the global nature of the assault, and the growing sophistication of bot nets all fight against a successful prosecution. But as Paul and CastleCops can tell you, it can be done."
Read the full article on InfoWorld.

Monday, November 05, 2007
The article, Myth of privacy busted; Web advertisers scan e-mails, by Louise Story, published in the International Herald Tribune, reports on online advertisers probing into users' privacy for marketing purposes. "At a meeting of the U.S. Federal Trade Commission about online privacy Thursday, the regulator's commissioner, Jon Leibowitz, said the agency would be exerting a tighter grip over online advertising. Leibowitz said that rules about the privacy policies of sites may need to be established... But some people from the online industry said the FTC should stay out." According to Randall Rothenberg, president and chief executive of the Interactive Advertising Bureau, if the FTC regulates online advertising, this could limit the recent ''extraordinary pattern of innovation.''
Eight years after the FTC's public workshop on the use of consumer data in online ads, a lot of the hypothetical scenarios described back then are now a widespread reality. However, many executives in the advertising industry do not see anything wrong with online targeting, arguing that the practice benefits consumers, who see more relevant ads. They add further that for consumers, providing some innocuous personal data is a small trade-off for free access to the rich content of the Internet, much of which is ad-supported. A growing concern, even among online companies, about what information is being used to deliver ads to people is nonetheless evident.
''The market is getting edgier and edgier, and what is accepted in the marketplace gets dodgier and dodgier,'' said Martin Abrams, the executive director of the Center for Information Policy Leadership. ''We have really moved to a world where we say consumers need to police the market, and, increasingly, it is a harder world to police.''
Read the full article here.
After the infamous Estonian cyberattack early this year, CyTRAP Labs proposes the 7 lessons learnt from the attacks, and points out how Estonia responded accordingly to these issues. Among the lessons and issues pointed out were:
- Critical incidence response matters, which suggests the need to have a systematic and clearly understood procedure in place that allows a quick identification of what a critical incident response is and what kind of responses must be invoked rapidly (i.e. automatisms) to have a chance to defend against an emerging threat. Estonian responders first focused on the targets rather than sources. Filtering technology was used to throttle back on traffic aimed at target systems, which, at its peak, reached between 100 to 1,000 times the normal amount of traffic.
- The need for the team to make critical decisions fast. In Estonia, it was decided to protect certain systems. Once those were identified, all connections to those systems from outside the country were blocked. In addition, efforts were undertaken to lure attackers away from critical systems toward less critical ones.
- Critical infrastructure can mean something different. For Estonia, where much business is done on the net, critical infrastructure meant the financial and communication services run by private business that were under attack, and these are critical to the country’s well-functioning economy. Soon after 27 April 2007, people were unable to buy such essentials as gas and groceries using their payment cards. This is in contrast to what we usually accept as being critical infrastructure, namely electricity and transportation networks.
- No new attack techniques emerged. The level of traffic was not surprising and the mitigation tactics used were tried and true. But what will happen if the attackers are using fast-flux networks or DNS amplification attacks?
- Coordination is vital. All the above can be further complicated if the defense has to be coordinated in real time with several hundred or thousands of ISPs. As Estonia’s experience illustrates, coordination and cooperation with a centralized incident response is critical to achieve success. This was the case with CERT-EE working closely with private ISPs and banks, etc. Unfortunately, in many countries such centralized approach will be difficult to achieve unless the right things are put in place now.
- Trusted social networks as the key to coordinate a successful response. Even CERT-EE needed help and support from others, and social networks came in handy. How else can one convince an ISP in another country to take off a server that is part of a fast-flux network? Developing trust takes time and effort while both parties have to give. A certain degree of sharing or disclosure may result in further growth of trust needed to defend better next time.
- Post mortem analysis - learning to improve. Without analyzing past events learning cannot occur. The challenge with the Estonian example is that other countries must learn from the Estonian experience. This type of international collaboration must be improved beyond government CERTs. Hence, without getting the major ISPs and financial institutions in other countries involved, post mortem analysis might not help us much in preparing for the next attack of this kind or worse.
This list was made in reference to the presentation of Hillar Aarelaid, eSStonia - the case of the Estonian DDoS attacks, given at the GovCERT.NL IT Security Symposium, Response & Responsibility, in Noordwijk, Netherlands.
Read the full article here.
The House of Lords Science and Technology Committee recently stated that the UK government has failed to understand the threat to the continued growth of the internet posed by cybercrime, as evident in its response to the committee's report on personal internet security, published on 10 August. The Lords' report had warned of the danger that public confidence in the internet would be lost, due to the "perception that the internet is a lawless 'Wild West'." In the government's reply, presented to Parliament on 24 October, the government rejected this as well as the recommendation that there should be a data-breach notification law to give businesses incentives to take better care of customer data. According to the government, a law forcing companies to admit when they had been the victims of cybercrime would not prove effective, but it reassured businesses that it will consider finding "more formal ways" of reporting security breaches to the Information Commissioner's Office (ICO) "when problems arise". The government also rejected calls for software and hardware vendors to be liable for the security of their products, and for banks to guarantee e-fraud refunds.
Read the full article at ZDNet.co.uk.

Friday, November 02, 2007
Wiley InterScience recently launched the journal Security and Communication Networks.
A call for papers has been opened for its special issue focusing on Clinical Information Systems Security, which addresses the need for a secure and trusted computerized approach in managing personal health information, both from a demand and supply side.
The topics of interest in this special issue include, but are not limited to:
- Authentication techniques for CIS
- Authorization mechanisms and approaches for patient-centric data
- Public Key Infrastructures to support diverse clinical information environments and networks
- Cryptographic protocols for securing patient-centric data
- Secure communication protocols for the communication of clinical data
- Wireless sensor networks security
- Body sensor networks security
- CIS Database security
- Interoperability across diverse CIS environments (national and multilateral)
- Government and international regulatory and compliance requirements
For more information on submission, dates and peer review, please visit Insecure.org.

Tuesday, October 30, 2007
A bogus email is circulating claiming to be from the Federal Trade Commission and referencing a "complaint" filed with the FTC against the email's recipient. The email includes links and an attachment that download a virus. As with any suspicious email, the FTC warns recipients not to click on links within the email and not to open any attachments. This malicious email appears to have a phony sender's address, "frauddep@ftc.gov", and also spoofs the return-path and reply-to fields to hide the email's true origin. While the email includes the FTC seal, it has grammatical errors, misspellings, and incorrect syntax. Recipients should forward the email to spam@uce.gov and then delete it. Emails sent to that address are kept in the FTC's spam database to assist with investigations.
More information on this spam report at the Federal Trade Commission website.
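The spoofed message described above kept a plausible From address while pointing Return-Path and Reply-To elsewhere and carried an executable attachment. The following is an added example, not part of the FTC advisory, of a simple mail-gateway check that flags exactly that pattern; the sample message and the non-FTC domains in it are constructed placeholders.

```python
"""Flag e-mails whose From, Return-Path and Reply-To domains disagree,
or that carry an executable attachment.

Added example for illustration; the sample message below is constructed
to mirror the advisory's description, and the non-ftc.gov domains in it
are placeholders, not real indicators.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".bat", ".com")

# Constructed sample: plausible From, mismatched Return-Path / Reply-To,
# and an .exe attachment, as in the bogus "complaint" mail.
SAMPLE = b"""Return-Path: <bounce@mailer.example.net>
From: Federal Trade Commission <frauddep@ftc.gov>
Reply-To: <complaints@example.org>
To: recipient@example.com
Subject: Complaint filed against you
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: text/plain

A complaint has been filed against you. See the attached document.
--b
Content-Type: application/octet-stream; name="complaint.exe"
Content-Disposition: attachment; filename="complaint.exe"

MZ
--b--
"""


def header_domain(msg, name):
    """Return the lower-cased domain of the address in header `name`,
    or None if the header is absent or carries no address."""
    addr = parseaddr(str(msg.get(name, "")))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else None


def analyze(raw_bytes):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []

    # 1. Sender-domain consistency: legitimate bulk mail usually keeps
    #    Return-Path and Reply-To on the same domain as From.
    sender = header_domain(msg, "From")
    for name in ("Return-Path", "Reply-To"):
        other = header_domain(msg, name)
        if sender and other and other != sender:
            findings.append(f"{name} domain {other} differs from From domain {sender}")

    # 2. Executable attachments: the advisory's mail dropped a virus this way.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(EXECUTABLE_SUFFIXES):
            findings.append(f"executable attachment {filename}")

    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print("FLAG:", finding)
```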

Monday, October 29, 2007
World War 2.0, a news video on Wired Science, presents the realities of internet warfare and how a botnet attack against Estonia might have been a manifestation of this new war technique. Botnets are so powerful, and hackers so skilled and experienced, that they can "destroy servers of a whole state." Josh Davis traced back when the attack against Estonia started and how security officials in Estonia fought back. Bill Woodcock, founder of Packet Clearing House, provides a brief explanation of how a botnet operates and how the attack against Estonia happened. Jaak Aaviksoo, Estonian Defense Minister, Ago Väärsi, technical manager at Postimees.ee, and Hillar Aarelaid, head of the Estonian CERT, were also interviewed, as were Russian internet security expert Emin Azizov and IT director of the United Civilian Front Eugeni Grigorian. Learn more about the attack by watching the video report here.

Friday, October 26, 2007
John E. Dunn of Techworld reports on the Austrian Police's intention to use specially-crafted Trojans to remotely monitor criminal suspects.
"According to reports in Austrian media, the minister of justice Maria Berger, and Interior Minister Gunther Plater, have drafted a proposal that will be amended by legal experts and the cabinet with the intention of allowing police to carry out such surveillance legally with a judge's warrant... According to Berger, Trojans would only be used in cases of serious crime, such as terrorism and organised racketeering. The Swiss authorities have declared the intention of using the same controversial technique, but only in cases of the most extreme nature, such as terrorism... The Austrian, German and Swiss governments have yet to explain how they would circumvent security programs that might be used by criminals to protect themselves, whether this would involve collusion with security software companies, and what would happen if such software-busting Trojans were subsequently reverse engineered and deployed by criminals themselves."
Read the full article on Techworld.

Monday, October 22, 2007
Brandon Enright, a network security analyst at the University of California, San Diego, recently presented findings at the Toorcon hacker conference in San Diego indicating that the Storm Worm botnet is steadily shrinking. According to Enright, it is now about 10 percent of its former size. Enright has been tracking Storm since July. "He has developed software that crawls through the Storm network and he thinks that he has a pretty accurate estimate of how big Storm really is. Some estimates have put Storm at 50 million computers, a number that would give its controllers access to more processing power than the world's most powerful supercomputer." Enright asserts that the numbers are far less terrifying, though: in July, Storm appeared to have infected about 1.5 million PCs, of which 200,000 were accessible at any given time. He said that "a total of about 15 million PCs have been infected by Storm in the nine months it has been around, although the vast majority of those have been cleaned up and are no longer part of the Storm network."
According to Enright, the Storm Worm botnet started to dwindle in July when antivirus vendors began stepping up their tracking of Storm variants and got a lot better at identifying and cleaning up infected computers. When Microsoft added Storm detection (Microsoft's name for Storm's components is Win32/Nuwar) to its Malicious Software Removal Tool, released on September 11 and available with every Windows system, Storm infections dropped by another 20 percent overnight. Enright's most recent data counts 20,000 infected PCs available at any one time, out of a total network of about 160,000 computers.
To read the full article, click here.
The International Herald Tribune reports on Russian hackers being one of the biggest threats to internet security.
"Internet security experts say that only the United States and China rival Russia in hacker activity. But Russia has only 28 million Internet users, according to rough estimates, compared with 210 million in the United States and 150 million in China, meaning that Russia has a higher percentage of scammers. VeriSign, the Internet services company, considers Russian hackers to be the worst, in part because they tend to have ties to organized crime outfits that embezzle money with stolen bank and credit card information... While the West has complained about Russian laws and enforcement, some Russian officials take issue with the criticism. Aleksei Likhachev, a member of Parliament, acknowledged that there had been fewer criminal cases in Russia than elsewhere, but said officials were still learning how to conduct such inquiries. 'It is just that this work is much younger and much less developed in Russia,' he said."
Read the full article, Russian hackers: On the right side of soft laws.
After Japan's Internal Affairs and Communications Ministry signed a joint statement with the German Federal Economics and Technology Ministry in July, Japan continues to make a concerted effort to tackle the issue of spam. "The ministry has regularly exchanged opinions on the issue at multilateral meetings, such as those of the International Telecommunication Union and the Asia-Pacific Economic Cooperation Conference... France and other countries, with which Japan has established a close partnership on the issue, have gone a step ahead of Japan by introducing an "opt-in" system, under which people are not permitted to send ad e-mails without the prior consent of the people to whom they intend to send them." Opinions on fines and punishment for spammers appear to be quite divided among countries, though, with some countries imposing heavier fines than others.
Read the full article here.
An article on CIO, Who's Stealing Your Passwords? Global Hackers Create a New Online Crime Economy, provides a detailed account of Don Jackson's discovery of Gozi, 76service.com and the new online crime economy. It also illustrates the evolution of online crime from trojans to sophisticated networks selling bot services. Don Jackson is a security researcher for SecureWorks, one of dozens of boutique security firms that have emerged to deal with Internet security. From an executable file, Gozi, that Jackson discovered on a friend's computer, he was led to a professionally-run, business-like network, later identified as 76service.com, where he uncovered a "3.3 GB file containing more than 10,000 online credentials taken from 5,200 machines—a stash he estimated could fetch $2 million on the black market." It was also mentioned that "Lance James' company Secure Science discovers 3 million compromised login credentials—for banks, for online email accounts, anything requiring a username and password on the Internet—and intercepts 250,000 stolen credit cards. On an average week, Secure Science monitors 30-40GB of freshly stolen data, 'and that's just our company,' says James."
Read the full account of Don Jackson on the CIO website.

Thursday, October 18, 2007
In a CNN interview with Interpol, Kristin Kvigne, assistant director of Interpol's trafficking in human beings unit, discussed how Interpol currently addresses the growing concern about child pornography and child abuse online. A brief rundown of investigations related to the recently identified child pornographer Christopher Paul Neil was also given. According to Kvigne, the latest technological tools utilized by Interpol have greatly aided the progress of their on-going investigation and manhunt. The Interpol officer further stressed that "Interpol has got great tools in place for preventing people with prior convictions, et cetera, to enter into countries unknown. Countries can use the notice system that Interpol has in alerting other countries as to their traveling potential sex offenders. And Interpol would like to see that used more by law enforcement globally." According to the interview, "Interpol has half a million more pictures of child sex abuse. In fact, more than half a million, with maybe 10,000 or 20,000 kids in them -- 10,000 or 20,000 victims. They've rescued roughly 600." More on Interpol related news here.
Incidentally, Facebook, a popular social networking website, recently expressed its renewed efforts to protect its users from online predators. "The precautions will include a new safety disclosure for parents and a more efficient complaint process to report unsolicited sexual advances and inappropriate content, New York Attorney General Andrew Cuomo announced Tuesday at a news conference. Facebook will also allow an independent examiner -- chosen and paid for by the company, but approved by the attorney general -- to report on its compliance for the next two years." According to CNN, this recent announcement followed an investigation into Facebook launched by Cuomo wherein tests conducted by investigators "revealed 'significant defects' in safety controls and the company's response to complaints." Read the full article on the CNN website.
BBC Hardtalk interviewed the international president of Bebo, a growing UK-based Internet company aimed at young people. The interview tackles current issues regarding internet security among young people on social networking sites, amid concern about the numerous registered paedophiles on such websites.
More details on this interview here.
A paper on the wealth of Internet miscreants, "An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants," is available online on the ICSI Center for Internet Research website. The paper discusses "an active underground economy which specializes in the commoditization of activities such as credit card fraud, identity theft, spamming, phishing, online credential theft, and the sale of compromised hosts. Using a seven month trace of logs collected from an active underground market operating on public Internet chat networks, [the researchers] measure how the shift from "hacking for fun" to "hacking for profit" has given birth to a societal substrate mature enough to steal wealth into the millions of dollars in less than one year."
To access the paper, click here.

Tuesday, October 16, 2007
John Leyden of The Register recently reported on WabiSabiLabi, an IT company that runs an auction marketplace for vulnerabilities and exploits. According to the report, "it has exceeded expectations with the submission of more than 150 vulnerabilities in its first two months of operations." Among the vulnerabilities in the marketplace are 51 bugs in Windows, 19 flaws in Linux, 29 web application vulnerabilities, two Mac-related flaws, 10 flaws in enterprise software from SAP, and one IBM-related vulnerability. The company, however, does not accept all submitted vulnerabilities; it has recently rejected 40 due to the use of "illegal methodology." Selling prices range from 100 to 15,000 euros each, and 1,000 researchers have registered on the site so far.
Read the full article on The Register.

Monday, October 15, 2007
The Washington Post recently reported on the Russian Business Network, an Internet business based in St. Petersburg which has become a world hub for Web sites devoted to child pornography, spamming and identity theft. Cybercrime groups including those responsible for about half of last year's incidents of phishing are said to be operating from the company's computer network system.
"The company 'is literally a shelter for all illegal activities, be it child pornography, online scams, piracy or other illicit operations,' Symantec analysts wrote in a report. 'It is alleged that this organized cyber crime syndicate has strong links with the Russian criminal underground as well as the government, probably accomplished by bribing officials...' But Alexander Gostev, an analyst with Kaspersky Lab, a Russian antivirus and computer security firm, said the Russian Business Network has structured itself in ways that make prosecution difficult. 'They make money on the services they provide,' he said -- the illegal activities are all carried out by groups that buy hosting services... In addition, Gostev said, criminals using the Russian Business Network tend to target non-Russian companies and consumers rather than Russians, who might contact local authorities. 'In order to start an investigation, there should be a complaint from a victim. If your computer was infected, you should go to the police and write a complaint and then they can launch an investigation,' Gostev said. Now, he added, his company and the police both have information, but no victim has filed a complaint."
Read the full article here.

Friday, October 12, 2007
A MAAWG document was recently released entitled "MAAWG Best Practices for the Use of a Walled Garden." This white paper discusses the criteria for entry and exit, remediation, and subscriber education regarding walled gardens. The primary goal of these practices is to help end-users become aware of and remove unwanted programs or malware residing on their personal computers, and to stop the network from being used for abusive purposes. To access the white paper, click here. More information on MAAWG activities here.

Wednesday, October 10, 2007
Lani Kass, a former major in the Israel Defense Forces, an instructor at the National War College and also a senior mentor to Operation Checkmate, recently gave a talk at the Air Force Association Air and Space Conference on the future of warfare, discussing cyberspace and cyberwarfare.
"We have been using the electromagnetic spectrum longer than we have been using air and space," she said, noting that the telegraph, one of the most bedrock aspects of cyberspace, was developed around the time of the Civil War. What makes cyber different from the other realms, she said, is that it doesn't take a lot to fight in it. You don't have to build or buy expensive ships, airplanes, tanks or spacecraft. All you need is a laptop or a link to the Internet... That's important since people half a world away can do things now that can limit or eliminate the control of land, air, sea and space that make protections of modern freedoms possible, she said. "If you don't dominate cyber, you cannot dominate in air, or in space, you cannot dominate on land or at sea," she said. "Quite frankly, if you're a developed country, you cannot conduct your daily way of life. Your life essentially comes to a screeching halt."
Cyber Strike commander Lt. Gen. Robert J. Elder also spoke that afternoon of the efforts at Barksdale to make the cyber vision reality. This involves "determining and gathering the people to do the work, determining the new career and training avenues that need to be forged, assessing systems and software for the new missions, establishing command and control procedures and forging alliances with academia and industry, such as the $100 million Cyber Innovation Center being created north of Barksdale."
Read the full article on The Shreveport Times.

Tuesday, October 09, 2007

Friday, October 05, 2007
Yesterday, Microsoft announced the launch of HealthVault, an online platform for securely storing personal health-related information. The business model relies on performing vertical internet search tailored for health queries. Several organizations have signed up to participate in the project, including hospitals, disease prevention organizations, and health care companies.
For more information, see articles online of the New York Times, the Economist, discussions in several blogs and the company's press information.

Thursday, October 04, 2007
According to an article by Sharon Gaudin on InformationWeek, cybercriminals are splitting up the giant botnets they have diligently built up in recent months into smaller pieces, to make them more agile, more easily hidden from detection, and easier to manage.
Iftach Amit, director of security research at security company Finjan, tells InformationWeek that "smaller botnets get the job done, but smaller botnets generate a lot less traffic. That makes them harder to detect because they make much less noise. They fly under the radar when you're looking for anomalies in behavior." He adds that many botnets are operated from a single command center; if security researchers or law enforcement find that command center, the botnet is effectively shut down. However, if the hacker splits the botnet up into several smaller botnets, each with its own command center, then when one goes down the others remain operational.
No news reports have yet linked the Storm worm botnet to this trend. It was noted, however, that the Storm worm botnet is not controlled by one command center, which has made it difficult for researchers to shut it down.
Read the full article here.
Heise Online recently reported "on a ruling, dated March 27, 2007, which has only now been published and is likely to have legal ramifications, the local court of the Berlin district of Mitte has barred the Federal Ministry of Justice from retaining personal data acquired via its website beyond the periods associated with the specific instances of use of the site... The local court also opposed the view espoused by operators and some data privacy watchdogs that security reasons justify a recording regime that over short periods of time maps the behavior of all Net users and allows individual users to be picked out." Slashdot adds that "German privacy activists have started a campaign Wir speichern nicht, ("we don't log your data!") which provides manuals on how to turn off the IP logging on your server."
In response to this ruling, Patrick Breyer of the German Working Group on Data Retention, who was the plaintiff in the relevant case, has called on all public authorities, departments and agencies of the German Federal State and of the federal states comprising the Federal Republic to abandon their "illegal data retention policies" by the end of this year at the very latest or have additional lawsuits filed. Breyer has made a model complaint available on his website.
Read the complete news report here.

Wednesday, October 03, 2007
HKDNR, together with the Office of the Telecommunications Authority (OFTA), the HK Police Force, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) and other agencies, is dedicating much effort to implementing all possible measures to suspend .hk domain names that are related to phishing or spamming sites.
"HKDNR is kept updated daily on a spamvertised domain list so that more comprehensive monitoring can be maintained and immediate action can be carried out against these domains. Any domains that are verified as phishing / spamming will be suspended immediately. According to the information published in mid June in AbuseButler on the top 800 spamvertised domains worldwide over the previous 4 weeks, the number of reports on .hk spamvertised domains accounted for 2.3 % of the total reports received. In early August, the number of reports on .hk spamvertised domains dropped to 0.3 % of the total reports received."
Read the full article at the HKIRC Newsletter (September 2007).

Monday, October 01, 2007
The Anti-Malware Engineering Team, the team that builds the core antivirus, antispyware, anti-rootkit, and related technology used across a number of Microsoft products and technologies, posted on their blog recent "Storm" worm statistics based on the latest release of the Malicious Software Removal Tool (MSRT) developed and updated by Microsoft's Malware Protection Center (MMPC). According to the Anti-Malware Engineering Team, as of 2PM PDT on Tuesday, 18 September 2007, "the Renos family of malware has been removed from 668,362 distinct machines. The Zlob family has been removed from 664,258 machines. And the Nuwar family has been removed from 274,372 machines. In total, malware has been removed by this month's MSRT from 2,574,586 machines." It has also been reported that another anti-malware researcher who has been tracking these recent attacks presented data showing that the team knocked out approximately one-fifth of "Storm's" Denial of Service (DoS) capability on 11 September. No further decrease was evident after the first day, however, presumably because the criminals behind the deployment of the "Storm" botnet immediately released a newer version of the software.
Read the full article here.

Thursday, September 27, 2007
CNN, in their article "Sources: Staged cyber attack reveals vulnerability in power grid," reports on how an experimental cyber attack conducted by researchers caused a generator to self-destruct. CNN captured a video of the generator shaking and smoking, and then shutting down. This new revelation has consequently alarmed the federal government and the electrical industry about the possibilities if such an attack were carried out on a larger scale. "Sources familiar with the experiment said the same attack scenario could be used against huge generators that produce the country's electric power. Some experts fear bigger, coordinated attacks could cause widespread damage to electric infrastructure that could take months to fix." The staged cyber attack, dubbed "Aurora," was conducted in March at the Department of Energy's Idaho lab.
Learn more about the staged cyber attack and continue reading the article here.

Wednesday, September 26, 2007
OECD has recently released the September 2007 issue of its newsletter. "OECD Information and Communication Policy News was launched in June 2006. Every quarter, it brings the latest news, statistics and best practice recommendations from the OECD on Information and Communication Policy, including policy for communication infrastructures and services, the information economy, security and privacy, and consumer protection." For more information, visit the OECD website.

Tuesday, September 25, 2007
Sophos recently reported on the hefty jail sentences that a pump-and-dump stock spam gang now faces. 47-year-old Michael Saquella (also known as Michael Paloma), 63-year-old Lawrence Kaplan, 38-year-old Henry Zemla and 26-year-old Justin Medlin have all pleaded guilty to being part of an international gang that spammed out fraudulent news stories to create artificial demand for stocks, pumping up the share price of 15 small companies (Beverly Hills Film Studios; Body Scan; Cor Equity Holdings; Courtside Products; eDollars; IFINIX; Integrity Messenger; Latin Heat Entertainment; Motion DNA; PokerBook Gaming; TKO Holding; Trans-Global Holdings; V3 Global; Xtreme Technologies; and Zuma Beach Entertainment) and raising more than $20 million from investors. The four men are now facing between 5 and 10 years in prison.
"Pump and dump stock campaigns work by spammers purchasing stock at a cheap price and then artificially inflating its price by encouraging others to purchase more (often by spamming "good news" about the company to others). The spammers then sell off their stock at a profit. Sophos experts report that pump-and-dump stock campaigns account for approximately 25 percent of all spam, up from 0.8 percent in January 2005. Earlier this year, Sophos reported how the US Securities and Exchange Commission (SEC) had suspended trading in 35 companies as they were found to be commonly referenced in pump-and-dump stock email campaigns."
Read the full article here.

Monday, September 24, 2007

Sunday, September 23, 2007
A story at Slashdot points to an article with a quote from McAfee CEO David DeWalt, who says that cyber-crime has become a US$105 billion business that now surpasses the value of the illegal drug trade worldwide. Despite the increase in government compliance requirements and the proliferation of security tools, companies continue to underestimate the threat from phishing, data loss, and other cyber vulnerabilities, DeWalt said. "Worldwide data losses now represent US$40 billion in losses to affected companies and individuals each year, DeWalt says. But law enforcement's ability to find, prosecute, and punish criminals in cyberspace has not kept up: 'If you rob a 7-11 you'll get a much harsher punishment than if you stole millions online,' DeWalt remarked. 'The cross-border sophistication in tracking and arresting cyber-criminals is just not there.'"

Wednesday, September 19, 2007

Tuesday, September 18, 2007

Monday, September 17, 2007
The Washington Post reports on Google's call for new international standards on the collection and use of consumer data. "Peter Fleischer, global privacy counsel for Google, told a U.N. audience in Strasbourg, France, that fragmentary international privacy laws burden companies and don't protect consumers. He argued for an international body such as the United Nations to create standards that individual countries could then adopt and adapt to fit their needs. 'The ultimate goal should be to create minimum standards of privacy protection that meet the expectations and demands of consumers, businesses and governments,' Fleischer said, according to a transcript of the speech provided by Google."
The European Union is currently investigating Google's privacy practices. There has been controversy and criticism over Google's privacy policies and its planned $3.1 billion merger with DoubleClick, an online advertising broker that sells banner and video ads. Critics argue that the merger, which would enable the company to collect information on which sites users visit, would hurt competition in online advertising, and that it would aggregate too much consumer data in the hands of one company. According to Marc Rotenberg, executive director of the Electronic Privacy Information Center and a critic of the DoubleClick merger, "Google, under investigation for violating global privacy standards, is calling for international privacy standards... It's somewhat like someone being caught for speeding saying there should be a public policy to regulate speeding."
Fleischer proposes the privacy framework developed by the Asia-Pacific Economic Cooperation forum, which he describes as a balance between information privacy on the one hand and business needs and commercial interests on the other. Critics, however, say that the APEC standards are too lenient. Rotenberg adds that the APEC rules put the burden on consumers, who must demonstrate that a company's privacy policy has harmed them. Guidelines developed in 1980 by the Organization for Economic Cooperation and Development, which influenced the European Union's privacy laws and are usually preferred by privacy advocates, generally treat a violation of privacy as a violation of a right rather than requiring a demonstration of harm caused by the violation.
To read the full article, click here.
Read more about Peter Fleischer's views on privacy on his blog.
The Wall Street Journal Online reports on the five-year sentence given to Irving Escobar, a ring leader in a TJX Cos. linked credit-card fraud. He "was sentenced to five years in prison and has been ordered to pay nearly $600,000 in restitution for damages resulting from stolen financial information, Florida officials said. The sentencing follows a guilty plea by Mr. Escobar, 19 years old, of Miami, to charges that he participated in a 10-person operation that used counterfeit cards bearing the stolen credit-card data of hundreds of TJX customers to purchase approximately $3 million in goods and gift cards."
Read more on this news article here.

Friday, September 14, 2007
Bruce Schneier has posted an entry on his blog arguing that if we want home users to be secure, we need to design computers and networks that are secure out of the box, without any work by the end users. “There simply isn't any other way.”
Interpol proposed on Wednesday the creation of global and regional anti-crime centres to fight criminal activity online and respond quickly to emergency cybercrime alerts. During an international cybercrimes conference in New Delhi, Interpol Secretary-General Ronald K. Noble said that the Internet should not be allowed to become a place where criminals have the upper hand and can escape punishment. Officials from 37 countries discussed identity theft, online bank fraud, Internet gaming and the risks of online terrorist activity during the two-day conference organized by Interpol.
To read the full article, click here.

Thursday, September 13, 2007
The European Union proposes that internet searches for bomb-making instructions should be filtered and blocked across the European Union. "Internet providers should also prevent access to any site giving instructions on how to make a bomb, EU Justice and Security Commissioner Franco Frattini said in an interview... The EU executive is to make this proposal to member states early in November as part of a raft of anti-terrorism proposals. These include the screening of private data of passengers flying into the 27-nation bloc and the creation of an early warning system to alert police forces to thefts of explosives. Representatives of the Internet industry are meeting the EU on Tuesday, the sixth anniversary of al Qaeda's September 11 attacks on the United States, at a European Security Research and Innovation Forum. The Internet has taken on huge importance for militant groups, enabling them to share know-how and spread propaganda to a mass audience, as well as to link cell members."
Read the full article on Reuters.

Wednesday, September 12, 2007
John E. Dunn reports on Techworld that the global market for criminal malware operates like a supermarket, complete with special offers and volume discounts, as a security company has discovered. According to Panda Software's latest quarterly report, the going rate for a reasonably sophisticated but generic Trojan is between £175 ($350) and £350 ($700), while an email list with which to target victims for the program costs from £50 ($100) per million names. The malware writers even offer specials: in one case the company discovered a site selling a 'payment capture' Trojan for £200 ($400) to the first 100 customers to sign up, a saving of £50 ($100) off the normal rate. "In recent months we have witnessed the growing professionalisation of digital crime," said Panda Software's lab chief Luis Corrons. "The first step for cyber-crooks was when they started looking for profits from their activity instead of just notoriety. Now they are creating a vast online malware market, where there are even specialised segments. New business models are appearing, as we speak," he said.
Corrons adds that the malware industry now appears to be turning from a shop from which malware can be bought into one where services are offered. For between one and five dollars per executable, malware could be cloaked (encrypted) on a for-hire basis against the anti-virus programs it was likely to encounter. Finally, criminals could rent spam servers for £250 a time to distribute their assembled malware package, the company said. Corrons also provides details of the cost of hiring DDoS attacks in his blog.
Read the full article here.
An article on The Economist discusses RBN (Russian Business Company), the threats it poses to global cybersecurity, and the lack of cooperation from the Russian government. VeriSign classifies RBN as "the baddest of the bad". The anonymity of the group and its senior figures who are only known through their nicknames, and the apparent backing of politicians have led to the continuing success of its operations. "'RBN is a for-hire service catering to large-scale criminal operations,' says the report. It hosts
cybercriminals, ranging from spammers to phishers, bot-herders and all manner of other fraudsters and wrongdoers from the venal to the vicious. Just one big scam, called Rock Phish (where gullible internet users were tricked into entering personal financial information such as bank account details) made $150m last year, VeriSign estimates." Another difficulty RBN poses is its ability to fight back. This was evident in the Rock Phish attack on the National Bank of Australia in October 2006: after the bank took active measures against the attack, RBN fought back by taking down the bank's home page for three days.
Despite VeriSign having tracked down the physical location of RBN's servers, and despite Western law enforcement officers' pressure on their Russian counterparts to pursue the investigation vigorously, RBN remains confident and active. According to VeriSign, "only strong political pressure on Russia will make the criminal justice system there deal with this glaring example of cyber-illegality."
To read the full article, go to The Economist.
A Swedish security researcher, Dan Egerstad, has recently revealed how he collected 100 passwords from embassies and governments worldwide by sniffing Tor exit routers. Egerstad explains on his blog how he did it, and calls attention to and reiterates the lack of appreciation for cybersecurity among organizations worldwide.
Read related article on Ars Technica here.
Computerworld reports on a worm targeting Windows PCs that is spreading through Skype's instant messenger, making the Voice over IP (VoIP) service's chat software the next target. Dubbed Ramex.a by Skype spokesman Villu Arak, but pegged Pykspa.d by Symantec, the worm takes a typical instant messenger (IM) line of attack: after hijacking contacts from an infected machine's Skype software, it sends messages to those people that include a live link. Recipients who blithely click on the URL, which poses as a JPG image but is actually a download of a file with the .scr extension, wind up infected. Arak also listed instructions for removing the worm from infected PCs, but they included changes to the Windows registry, a chore most users are hesitant to try. Ramex.a/Pykspa.d injects code into the Explorer.exe process to force it to run the actual malware, a file named wndrivsd32.exe, periodically. The worm also plugs in bogus entries in the Windows hosts file so that installed security software won't be able to retrieve updates.
Skype is only the latest IM client to fall victim to hackers. Both Yahoo Messenger and Microsoft Corp.'s MSN/Live Messenger have been targeted this summer. Exploit code designed to hijack Windows PCs running Yahoo Messenger appeared as early as June, and Yahoo has been forced to patch the IM client several times since. Microsoft, meanwhile, has scheduled fixes for its MSN Messenger and Windows Live Messenger software for tomorrow, presumably to quash a webcam bug that was disclosed late last month.
Read more of this article here.
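The hosts-file trick described above (mapping a vendor's update hosts to a dead address so security software can no longer fetch updates) is easy to check for from the defender's side. The following is an added example, not code from the Computerworld article or from Skype or Symantec: it parses a hosts file and flags any entry that touches a watch list of update domains. The watch-list domains, the sample hosts content and the addresses in it are constructed for illustration.

```python
"""Flag Windows hosts-file entries that would sinkhole security-vendor update traffic.

Added example: parses a hosts file and reports entries that map a domain on a
watch list of update hosts to any address at all. The watch-list domains and the
sample hosts content below are constructed, not taken from a real product.
"""
import ipaddress
from typing import List, NamedTuple, Set, Tuple

# Constructed watch list: update hosts a defender never expects to see pinned
# in the hosts file. A real deployment would fill this from its own vendor.
UPDATE_DOMAINS: Set[str] = {
    "update.example-av.test",
    "liveupdate.example-av.test",
    "download.example-vendor.test",
}

# Redirecting an update host to one of these silently blackholes the traffic.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


class Finding(NamedTuple):
    line_no: int
    address: str
    hostname: str
    reason: str


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_no, address, [hostnames]) for each non-comment hosts line."""
    entries = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed: an address with no hostname
        entries.append((n, parts[0], [h.lower() for h in parts[1:]]))
    return entries


def audit_hosts(text: str, watch: Set[str] = UPDATE_DOMAINS) -> List[Finding]:
    """Report every hosts entry that pins a watched update domain."""
    findings: List[Finding] = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append(Finding(line_no, addr, names[0], "address is not a valid IP"))
            continue
        for name in names:
            if name in watch:
                reason = ("update host sinkholed to loopback/null address"
                          if addr in SINK_ADDRESSES
                          else "update host pinned to an unexpected address")
                findings.append(Finding(line_no, addr, name, reason))
    return findings


# Constructed sample mimicking the tampering the article describes.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
# the three entries below imitate the worm's bogus additions
127.0.0.1       update.example-av.test
0.0.0.0         liveupdate.example-av.test   # blackholed
198.51.100.7    download.example-vendor.test
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.hostname} -> {f.address} ({f.reason})")
```

The plain `localhost` lines are not reported because only names on the watch list count; the third constructed entry is reported even though it points at a routable address, since an update host pinned anywhere in the hosts file is worth a look.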

Tuesday, September 11, 2007
Dancho Danchev’s blog has a post on the aggressiveness of the Storm Worm botnet:
“Stage one - infect as many end users with high speed Internet access as possible through the use of client side vulnerabilities. Stage two - ensure the longest possible lifecycle for the malware campaign by having the newly released binaries hosted at the infected PCs themselves. Stage three - take advantage of fast-flux networks to make it harder to shut down the entire botnet. And stage four - strike back at any security researcher or vendor playing around with Storm Worm's fast-flux network or somehow messing up with the malicious economies of scale on a worldwide basis. On Friday I received an email from Susan Williams at aa419.org, and as it looks like several other anti-fraud sites are getting DDoS-ed too:
"On September 2 2007, online scammers began an automated DDoS attack against aa419.org, with the goal of shutting down the anti-fraud site. For some time, aa419 was able to filter the worldwide botnet's attacks by monitoring connections and only allowing legitimate visitors to access the site. However, by September 5 the hoster was being overwhelmed with nearly 400 GB of incoming requests every hour. Rather than let their infrastructure melt under the onslaught, the server is currently offline. This massive distributed denial of service (DDoS) attack was inspired by aa419.org's mission to blacklist and shut down scam web sites. Since 2004, the all-volunteer organization has recorded more than 18,000 such sites. In addition to publicly warning potential victims of fraud, they work with hosters and registrars to take scam web sites offline quickly, with a success rate of over 97% shut down. Susan Williams, press officer for aa419.org, said, "On the whole, we're positive about this. Not that we enjoy being offline; quite the opposite. But being attacked with a botnet of this magnitude tells us that we are doing serious damage to the organized crime networks that run these scams." Internet crime is increasing at record rates, and aa419.org is at the forefront of the fight against it. "We will continue our work regardless of how many criminals are annoyed by it," Williams said."
Castlecops comments on the DDoS taking place at the site too:
"This newest ddos round started about a week ago and knocked us offline for a couple hours while we figured out what was going on. And we're still under attack, so if the site is a bit slower, you know why. Odd month really, lots of sites, lots of sites, are under ddos. We've got over 10k bots attacking us with more being added daily."
Spamnation reports that the popular scambaiting site 419Eater and the anti-scam site Scamwarners are the latest anti-spam sites to fall victim to a distributed denial of service (DDoS) attack. Artists against 419 was also hit recently as well as another useful anti-scam site, CastleCops, along with other sites hosting antispam forums.
Spamnation asserts that the Zhelatin (Storm Worm) gang is responsible for a number of other DDoS attacks this year, including an attack against anti-spam sites and download sites operated by a rival spam gang. Zhelatin are known to have spare capacity at the moment. There have been reports that they have built up a botnet containing more than a million computers, not all of which are currently being used for stock and pill spam.
For spam gangs like Zhelatin, a DDoS attack appears to be another opportunity to exploit. When the Zhelatin botnet attacks a site, it is more likely that the attack has been commissioned by one of their customers. In the same way that a customer can order a stock spam run, they can request a DDoS attack (although it has been claimed that DDoS attacks cost more than regular spam runs, because there is a greater risk that ISPs or law enforcement will react aggressively to shut down the machines involved).
Read full article here.

Monday, September 10, 2007
Peter Gutmann of the Department of Computer Science, University of Auckland presents how "malware has come a long way since it consisted mostly of small-scale (if prolific) nuisances perpetrated by script kiddies. Today, it's increasingly being created by professional programmers and managed by international criminal organisations. The Commercial Malware Industry looks at the methods and technology employed by the professional malware industry, which is turning out "product" that matches (and in some cases even exceeds) the sophistication of standard commercial software, but with far more sinister applications."
The presentation discusses extensively how the malware industry has evolved from The Numbers Racket to organized crime and even further now into the Spam, Carding, Phishing and Botnet businesses, among others. Also provided in the presentation are case studies and examples, statistics, and the technical mechanisms of these growing internet crimes offered as services.
Read more on Peter Gutmann's work here.
The ITU News Nº 7 September-October 2007 edition features in its Cybersecurity Watch the Cybersecurity Work Programme for Developing Countries. The purpose of the Cybersecurity Watch column is to share information on ITU activities and initiatives related to cybersecurity and countering spam. More information on ITU activities in the domain of cybersecurity can be found here. ITU–D's ICT Applications and Cybersecurity Division has information on its ongoing projects, resources and publications to assist ITU Member States, including an overview of the ITU Cybersecurity Work Programme for Developing Countries, as well as information on the toolkits mentioned in the article at the CYB website. Details on related workshops and other events can be found here.
Researchers say the growing botnet has enough distributed power to launch a damaging attack against major businesses or even countries. The Storm worm botnet has grown so massive and far-reaching that it easily overpowers the world's top supercomputers. That's the latest word from security researchers who are tracking the burgeoning network of machines that have been compromised by the virulent Storm worm, which has pounded the Internet non-stop for the past three months. Despite the wide ranging estimates as to the size of the botnet, researchers tend to agree that it's one of the largest zombie grids they've ever seen. According to Matt Sergeant, chief anti-spam technologist with MessageLabs, "in terms of power, [the botnet] utterly blows the supercomputers away. If you add up all 500 of the top supercomputers, it blows them all away with just 2 million of its machines. It's very frightening that criminals have access to that much computing power, but there's not much we can do about it." Sergeant adds that researchers at MessageLabs see about 2 million different computers in the botnet sending out spam on any given day, and he estimates the botnet generally is operating at about 10% of capacity. Adam Swidler, a senior manager with security company Postini, told InformationWeek that while he thinks the botnet is in the 1 million to 2 million range, he still thinks it can easily overpower a major supercomputer.
Cyber criminals who control the botnet have a tremendous amount of destructive power. Early this summer, the Baltic nation of Estonia was pounded in a cyberwar that saw distributed denial-of-service attacks primarily targeting the Estonian government, banking, media, and police sites.
Last month, Ren-Isac, a collaboration of higher-education security researchers, sent out a warning that the Storm worm authors had another trick up their sleeves. The botnet actually is attacking computers that are trying to weed it out. It's set up to launch a distributed denial-of-service attack against any computer that is scanning a network for vulnerabilities or malware. The warning noted that researchers have seen "numerous" Storm-related DoS attacks recently. MessageLabs' Sergeant said the botnet also has been launching DoS attacks against anti-spam organizations and even individual researchers who have been investigating it. "If a researcher is repeatedly trying to pull down the malware to examine it the botnet knows you're a researcher and launches an attack against you," he said.
Lawrence Baldwin, chief forensic officer of MyNetWatchman.com, said he doesn't have a handle on how big the overall botnet has become but he's calculated that 5,000 to 6,000 computers are being used just to host the malicious Web sites that the Storm worm spam e-mails are linking users to. And he added that while the now-well-known e-cards and fake news spam is being used to build up the already massive botnet, the authors are using pump-and-dump scams to make money. Swidler said that since mid-July, Postini researchers have recorded 1.2 billion e-mails that have been spit out by the botnet. A record was set on Aug. 22 when 57 million virus-infected messages -- 99% of them from the Storm worm -- were tracked crossing the Internet. According to researchers at SecureWorks, the botnet sent out 6,927 e-mails in June to the company's 1,800 customers. In July, that number ballooned to 20,193,134. Since Aug. 8, they've counted 10,218,196.
Read full article at InformationWeek.

Friday, September 07, 2007
In early May this year, following the controversial uprooting of the 6-foot-tall bronze statue in downtown Tallinn, the capital of Estonia, the nation faced a series of massive botnet attacks. Estonian government, banking, media, and police sites were flooded by overwhelming internet traffic from all over the world, a DDoS campaign that forced the sites to shut down and remain inaccessible outside the country for extended periods of time. In mid-May, the major botnet attacks suddenly stopped; the bots appeared to have been set to run for exactly two weeks, after which the infected computers abandoned the attacks and reverted to more traditional botnet activities, like spamming and extortion.
This recent attack on Estonia has proven the power of botnets and their DDoS capabilities. Using rented botnets, hundreds of thousands or even millions of infobombs may be launched at a target to bring down a country's information infrastructure, all while maintaining total deniability.

For more details on the botnet attack against Estonia, read full article here.
An article on how bots attack may also be accessed here.

Wednesday, September 05, 2007
Security firm Sunbelt recently discovered that the Bank of India's hacked website was serving dangerous malware, and the infamous Russian Business Network, an ISP linked to child pornography and phishing, is behind the attack. The service provider in question has developed a notorious reputation. According to VeriSign threat intelligence analyst Kimberly Zenz, the Russian Business Network (RBN) is different to other service providers because "unlike many ISPs that host predominately legitimate items, RBN is entirely illegal. A scan of RBN and affiliated ISPs' net space conducted by VeriSign iDefense analysts failed to locate any legitimate activity. Instead, [our] research identified phishing, malicious code, botnet command-and-control, denial-of-service attacks and child pornography on every single server owned and operated by RBN."
Patrik Runald, senior security specialist at F-Secure, said: "No one knows who the RBN is. They are a secret group based out of St Petersburg that appears to have political connections. The company doesn't legitimately exist. It's not registered and provides hosting for everything that's bad. Their network infrastructure is behind a lot of the bad stuff we're seeing and it has connections to the MPack Group [a well-known group of cybercriminals which used MPack software to steal confidential data]." Runald said that, in the case of the Bank of India's hacked website, RBN used an Iframe to launch another window which then pushed victims to a webpage containing malicious code. The Trojans used in this case were designed to steal passwords from PCs and upload Trojan proxies in aid of developing a botnet.
Read the full article on ZDNet.co.uk.
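The injection pattern Runald describes, an iframe planted in a legitimate page that pulls visitors into a third-party page serving the real payload, is something a site owner can audit for in their own served HTML. The following is an added example, not code from the ZDNet article or from Sunbelt, VeriSign or F-Secure: it parses a page with Python's standard `html.parser`, lists every iframe, and reports those that both point at a foreign host and are styled to be invisible. The sample page and the hostnames in it are constructed.

```python
"""Report hidden, off-site iframes in a page's HTML.

Added example: scans HTML for <iframe> elements, records whether each one is
off-site (src host differs from the site's own host) and whether it is styled
to be invisible (zero size, display:none, visibility:hidden, or pushed
off-screen). The sample page below is constructed.
"""
import re
from html.parser import HTMLParser
from typing import Dict, List, NamedTuple
from urllib.parse import urlparse


class IframeFinding(NamedTuple):
    src: str
    hidden: bool
    foreign: bool


def _looks_hidden(attrs: Dict[str, str]) -> bool:
    """True when the iframe's attributes or inline style make it invisible."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    if re.search(r"(left|top):-\d+", style):  # pushed off-screen
        return True
    for dim in ("width", "height"):
        val = attrs.get(dim, "").strip().rstrip("px")
        if val.isdigit() and int(val) <= 1:
            return True
        m = re.search(dim + r":(\d+)(px)?", style)
        if m and int(m.group(1)) <= 1:
            return True
    return False


class IframeScanner(HTMLParser):
    def __init__(self, site_host: str):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings: List[IframeFinding] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()  # "" for relative URLs
        foreign = bool(host) and host != self.site_host
        self.findings.append(IframeFinding(src, _looks_hidden(a), foreign))


def scan_html(html: str, site_host: str) -> List[IframeFinding]:
    """Return one finding per <iframe> in the page."""
    parser = IframeScanner(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings


def suspicious_iframes(html: str, site_host: str) -> List[IframeFinding]:
    """Iframes that are both off-site and hidden: the injection pattern described."""
    return [f for f in scan_html(html, site_host) if f.foreign and f.hidden]


# Constructed sample page: one legitimate frame, one planted frame, one local hidden frame.
SAMPLE_PAGE = """<html><body>
<h1>Net banking</h1>
<iframe src="https://bank.example.test/rates" width="600" height="400"></iframe>
<!-- constructed planted frame, mimicking the pattern the article describes -->
<iframe src="http://malicious.example.test/in.cgi" width="0" height="0" style="border:0"></iframe>
<iframe src="/help" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in suspicious_iframes(SAMPLE_PAGE, "bank.example.test"):
        print("suspicious iframe:", f.src)
```

A hidden iframe to a local URL (the third frame in the sample) is common in legitimate pages and is deliberately not reported; the combination of foreign host and invisibility is what makes the second frame stand out. Scheme-relative sources such as `//host/path` resolve to a host and are treated as off-site too.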
BBC News reports that easy to use tools that automate attacks on computers are being produced by malicious hackers, according to security experts, ranging from individual viruses to comprehensive kits that let budding cyber thieves craft their own attacks. The top hacking tools may cost up to £500, with some providing 12 months of technical support. Tim Eades from security company Sana said that malicious hackers had evolved over the last few years and were now selling the tools they used to use to the growing numbers of cyber thieves. Individual malicious programs cost up to £17 (25 euros), he said. At the top end of the scale, said Mr Eades, were tools like the notorious MPack which costs up to £500. The regular updates for the software ensure it uses the latest vulnerabilities to help criminals hijack PCs via booby-trapped webpages. It also includes a statistical package that lets owners know how successful their attack has been and where victims are based. MPack has been very popular among criminally minded groups and in late June 2007 managed to subvert more than 10,000 websites in one attack that drew on the tool.
Paul Henry, vice president of Secure Computing, said there were more than 68,000 downloadable hacking tools in circulation. The majority were free to use and took some skill to operate but a growing number were offered for sale to those without the technical knowledge to run their own attacks such as Mpack, Shark 2, Nuclear, WebAttacker, and IcePack. Mr Henry said the tools were proving useful because so many vulnerabilities were being discovered and were taking so long to be patched. Many hacking groups were attracted to selling the kits because it meant they took little risk themselves if the malicious software was used to commit crimes. "The only thing you are going to find is a disclaimer that this was distributed for educational purposes and the user accepts any responsibility for any misuse," he said.
To read full article, click here.

Monday, September 03, 2007
The United States District Court of Washington ruled in favor of Kaspersky Lab, a leading developer of secure content management solutions, granting immunity from liability in the case brought by online media company Zango. According to Zango's lawsuit, Kaspersky Lab should reclassify Zango’s programs as nonthreatening and Kaspersky Lab’s security software should stop blocking Zango’s potentially undesirable programs. "Judge Coughenour of the Western District of Washington threw out Zango’s lawsuit on the grounds that Kaspersky was immune from liability under the Communications Decency Act. The ruling protects consumer choice to determine what information and software is allowed on each computing system, and gives anti-malware vendors the right to identify and label software programs that may be potentially unwanted and harmful to a user’s computer as they see fit."
Read full article here.

Tuesday, August 28, 2007
Pakistan's Minister for Information Technology Awais Ahmad Khan Leghari said on Thursday that the adoption of the cyber crime bill by the federal cabinet was a major step towards ensuring a secure business environment and the promotion of e-commerce. He said the e-crime bill, which will be tabled in the parliament very soon, would help draw more business and improve Pakistan's e-readiness ranking as reflected in indices maintained by various agencies and business journals of the world.
The Federal Investigation Agency (FIA) has been given the mandate to probe cases falling under the purview of the e-crime law. He said the e-crime law would require internet companies to maintain their traffic data for at least six months to enable the agencies to investigate cases involving data stored by them. He also added that the government would create special IT tribunals in Islamabad as well as provincial headquarters to investigate and check growing incidents of crimes which remained unpunished for lack of a specific law.
The Prevention of Electronic Crimes Bill 2007 poses penalties ranging from six months to 10 years of punishment for 17 types of cyber crimes, including cyber terrorism, hacking of websites and criminal access to secure data. Thirteen of the crimes listed under the law are bailable.
Read full article here.

Wednesday, August 22, 2007
The FBI has chosen the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign to host a new law enforcement cybersecurity research center. The bureau said it would provide $3 million to support the first two years' operation of the National Center for Digital Intrusion Response.
The bureau said the state university's IT security scholars would work with FBI cybersecurity specialists to understand what new capabilities are required to better detect and investigate cyberattacks, develop new tools and ensure that FBI agents in the field can use them effectively. The bureau's expansion of its work with the university team reflects changes in the patterns of crime and national security threats, the FBI said. "While cyberattacks were once considered a specialized niche in law enforcement, today there are digital aspects to many crimes and national security threats; all investigators must be able to pursue criminals operating in cyberspace," the FBI said. "NCDIR will provide training, including intensive summer workshops, so all FBI agents have the opportunity to use these new tools in the field."
Some of the projects and IT security tools developed by NCSA through the funding of the National Science Foundation and other federal agencies include MyProxy, a tool for grid credential management; Framework for Log Anonymization and Information Management, an app that facilitates sharing of log data among secure systems; GridShib, a tool that supports identity federation for grids; Trustworthy Cyberinfrastructure for the Power Grid; and Illinois Terrorism Task Force's First Responder's Credentialing.
Read the full article at Government Computer News (GCN).

Monday, August 20, 2007

Friday, August 17, 2007
Researchers are warning universities that they're at risk of being hit with massive distributed denial-of-service attacks when they scan their own networks. According to Doug Pearson, technical director of Ren-Isac, the Storm botnet, a massive botnet that the hackers have been amassing over the last several months, has developed a counter-attack to computers that are trying to weed it out. The botnet is set up to launch a distributed denial-of-service (DDoS) attack against any computer that is scanning a network for vulnerabilities or malware.
Ren-Isac, which is supported largely through Indiana University, recently issued a warning to about 200 member educational institutions and then put out a much broader alert, warning colleges and universities that their networks could come under heavy attack. According to the alert, this new Storm botnet tactic presents more danger to schools than to corporate enterprises simply because of the placement of the scanners. Pearson explains that universities and colleges often have their scanners on a public network, making them visible to the Internet at large. If a scanner were protected on a private network, the way it is done at most enterprises, the botnet would not be able to find it, so there would be no IP route on which to send the DDoS packets.
Don Jackson of SecureWorks said in an interview that slowly but surely IT managers and consumers are getting better at blocking or at least ignoring the e-mail attacks, so the Storm worm authors are setting up a secondary attack venue.
Read the full article at InformationWeek.

Wednesday, August 15, 2007
The New York Times reported on 14 August 2007 that Google and Microsoft are separately developing a system of online health records, which would allow individuals to store, retrieve and provide personal health data to doctors, hospitals, insurers, laboratories, etc. as desired.
Data would be uploaded directly onto these records by health service providers, but access to the information (through PCs, mobile telephones and other digital devices) would be controlled by the patient. The health data stored on the personal online record would also help their owners locate relevant health-related information on the web (including advertisements that would likely fund the system).
Other companies specialized in digital health records and search engines are working on similar systems. Before these services reach end users, significant security and privacy issues will have to be resolved as the services are fine-tuned.
To read more, click here.
InfoWorld reports that security experts warn Germany's new antihacker law could result in more cybercrime and not less. The law, which aims to mitigate the rise of computer attacks in the public and private sectors, was approved in May by the German government and implemented on Saturday. Although Germany has already approved numerous laws to curb attacks on IT systems, the most recent one aims to close any remaining loopholes. Punishable cybercrimes include DOS (denial-of-service) attacks and computer sabotage attacks on individuals, which extends the existing law that limited sabotage to businesses and public authorities.
The new law defines hacking as penetrating a computer security system and gaining access to secure data, without necessarily stealing data. Offenders are defined as any individual or group that intentionally creates, spreads or purchases hacker tools designed for illegal purposes. They could face up to 10 years in prison for major offenses.
Security experts from different clubs and vendors, such as the Chaos Computer Club, F-Secure and Kaspersky Lab, all share the same concern about the legal uncertainty the new law creates. According to them, under the new law their development of hacker tools to test and ensure network system security, which is essential to their business, could get them in trouble and bring them to court in the future.
Other groups of computer experts that develop hacking tools to test the security of computers and network systems have already pulled their operations out of Germany. KisMAC and Phenoelit, hacker groups that offer tools to detect security holes in networks, have stopped their work in Germany and plan to resume in the neighboring Netherlands.
To read the full article, click here.
In an article on InformationWeek, researchers are blaming the virulent Storm worm for a widespread denial-of-service attack that hit Canadian Web sites over the weekend, saying the attack could have been a test of the might of a botnet more than 1.7 million zombies strong.
Johannes Ullrich of the SANS Institute and the Internet Storm Center, said in an interview that "the DoS part was basically an unintentional side effect. It was a whole lot of spam -- enough to make the servers slow down. Once [that much spam] is set loose, it's hard to tell what's going to happen."
The Storm worm has been bombarding the Internet with massive amounts of spam e-mail in the form of phony electronic greeting cards for the past several months. These e-mails lure unsuspecting users to malicious Web sites where their machines are infected with malware that turns them into bots, adding them to the massive botnet that the Storm worm authors have been putting together. However, the latest attack used e-mails with a limited amount of text instead of the e-card ruse, which confirms the attack was a test run, according to Ullrich.
In the first half of this year, it has been reported that the Storm authors had a botnet about 2,815 strong according to the researchers at SecureWorks. That number had skyrocketed to 1.7 million by the end of July. Researchers at both SecureWorks and Postini said they think the Storm worm authors are cultivating such an enormous botnet to do more than send out increasing amounts of spam. All of the bots are set up to launch DoS attacks and that's exactly what they're anticipating.
Read the full article here.

Tuesday, August 14, 2007
On Sydney Morning Herald's Veto for Parents on Web Content, it was announced that ISPs in Australia will be obligated to filter web content at the request of parents. This is part of the $189 million Federal Government crackdown on online bad language, pornography and child sex predators. According to the Prime Minister, John Howard, the Government would increase funding for the federal police online child sex exploitation team by $40 million to aid investigators to track those who prey on children through chat rooms and sites such as MySpace and Facebook. The Government is also expected to pay $90 million to provide every concerned household with software to filter internet content.
According to the article, the more efficient compulsory filtering by internet service providers (ISPs) was proposed in March last year by the then Labor leader, Kim Beazley, which the Communications Minister, Helen Coonan, and ISPs criticised as expensive at the time. Three months later Senator Coonan announced the Government's Net Alert policy, promising free filtering software for every home that was interested. She also announced an ISP filtering trial to be conducted in Tasmania, but that trial was scrapped.
The ISP filtering measure, according to Mr. Howard, is a world first by any Government, and the Government is expected to offer funding to help cover the cost. An ISP filter option will be made available to parents when they sign up with an ISP. This service will be compulsory for all ISPs. The measures are expected to be implemented by the end of this month.
US authorities reported last month that more than 29,000 convicted sex offenders had profiles on MySpace. In Australia, about 26 per cent of Australia's 3.8 million MySpace users are under 18. To protect the users, MySpace has written to all state and territory governments, and the Commonwealth, asking them to create a national child-sex offender database that includes email addresses, to enable MySpace to track sex offenders and remove their profiles from the system.
Read the full article here.
A report entitled Personal Internet Security from the House of Lords Science and Technology Committee was made available on Friday, discussing primarily the issues pertaining to individual experiences of the Internet. In the report, the U.K. government, ISPs and others are said to unfairly hold Internet users responsible for online safety. According to the panel, this "laissez-faire" attitude toward personal security is what weakens user confidence. The report proposes that ISPs should be held responsible and prevented from ignoring spam and malware notices, and that information technology vendors be held liable for not making products secure.
Network security, appliances and applications, how businesses and individuals use the Internet and policing of the online world were studied and dealt with in the Lords inquiry. It also noted that the U.K. government is at fault for not showing leadership in assembling available information and interpreting it for the public. "The Government are not themselves in a position directly to gather the necessary data, but they do have a responsibility to show leadership in pulling together the data that are available, interpreting them for the public and setting them in context, balancing risks and benefits. Instead of doing this, the Government have not even agreed definitions of key concepts such as 'e-crime'." The report recommends the establishment of a cross-departmental group in the Government, "bringing in experts from industry and academia, to develop a more co-ordinated approach to data collection in future. This should include a classification scheme for recording the incidence of all forms of e-crime. Such a scheme should cover not just Internet-specific crimes, such as Distributed Denial of Service attacks, but also e-enabled crimes - that is to say, traditional crimes committed by electronic means or where there is a significant electronic aspect to their commission."
The committee points out the need for more support for research from the industry as well. "The development of one or more major multidisciplinary research centres, following the model of CITRIS, is necessary to attract private funding and bring together experts from different academic departments and industry in a more integrated, multi-disciplinary research effort."
The report still regards end-users as largely unable to protect their own security, and it finds that private companies face strong incentives either to promote security for profit or to oppose it as a cost imposed on them. The committee therefore proposes that ISPs, as the link between users and the network, could take more control over network traffic by blocking or filtering traffic that carries malicious code. "We do not advocate immediate legislation or heavy-handed intervention by the regulator," say the lawmakers, adding that the market must be nudged into providing better security.
Further recommendations of the committee include criminalizing trade in botnet services, no matter what their use, creating a unified, Web-based reporting scheme for e-crime, more action on creating a central e-crime police unit, fast ratification of the Council of Europe CyberCrime Convention, and educating courts on Internet crime.
Read the full article on Factiva Content Watch.
To access the report, click here.

Monday, August 13, 2007
In ZDNet Australia's article "Knowledge is greatest threat to critical infrastructure", researchers and security experts agree that Australia's critical infrastructure remains vulnerable because of a lack of educational resources. The article discusses the security problems of Supervisory Control and Data Acquisition (SCADA) systems, "the central nervous system for sensors, alarms and switches that provide automated control and monitoring functions for utilities such as water, gas and electricity, as well as large manufacturers."
Jill Slay of the University of South Australia's Defence and Systems Institute said at the inaugural International Federation for Information Processing (IFIP) Critical Infrastructure Protection conference that Australia needs more stringent audits of SCADA network access, better training and stricter controls over contractors. She believes that Federal Government initiatives such as the Trusted Information Sharing Network are good but, at present, insufficient to keep SCADA operators aware of current threats and response strategies.
The article also points out that, with the threat of terrorism, concern about the security of essential services has grown as SCADA systems have increasingly been made reachable over TCP/IP-based corporate networks to improve process automation and the visibility of data. According to the article, "the Federal Government's approach to SCADA security has been to garner industry support through cooperative initiatives such as its Trusted Information Sharing Network, a community of practice networks dedicated to fostering knowledge-sharing and training between government, industry and academia," however "the amount of information available on SCADA systems online provides such a large amount of information out there for those who want to find network vulnerabilities in critical infrastructure."
To read the full article, proceed here.

Thursday, August 09, 2007
On 30 July 2007 in Berlin and 27 June 2007 in Tokyo, the Federal Ministry of Economics and Technology of Germany, the Ministry of Internal Affairs and Communications of Japan and the Ministry of Economy, Trade and Industry of Japan signed a Joint Statement expressing the following:
"Information and Communications Technologies (ICT), including the Internet, are key enablers in the development of the economies in both Germany and Japan. Spam poses a potential threat to this economic development. It must be made clear that spam has no legitimate role in the German or Japanese e-economy.
The Federal Ministry of Economics and Technology of Germany, the Ministry of Internal Affairs and Communications of Japan and the Ministry of Economy, Trade and Industry of Japan see mutual benefit in strengthening friendship and cooperation between their two countries through cooperation concerning anti-spam policies and strategies. The aim is to support international cooperation in and among a variety of organizations such as the Organization for Economic Cooperation and Development, the International Telecommunication Union, the United Nations Conference on Trade and Development, the Internet Engineering Task Force, the International Consumer Protection and Enforcement Network, and the Asia-Europe Meeting.
Under this Joint Statement, cooperation in matters of mutual interest will be able to take place through the exchange of ideas, information, personnel, skills and experience and collaborative activities that will be of benefit to both sides. Because spam has implications for many groups of stakeholders, every effort will be made to ensure that all interested parties, both public and private, are consulted as appropriate. Particular areas of cooperation will include:
a) Exchanging information about anti-spam activities such as anti-spam policies and strategies, as well as technical and educational solutions to spam;
b) Encouraging the adoption of effective anti-spam technologies and network management practices by German and Japanese Internet Service Providers and major business network managers, and further cooperation between government and private sectors;
c) Supporting German and Japanese marketers or bulk email senders in adopting spam-free marketing techniques;
d) Identifying and promoting user practices and behaviours which can effectively control and limit spam and supporting the development of multi-stakeholder public information and awareness campaigns to foster increased adoption of anti-spam practices and behaviours by end users in Germany and Japan;
e) Cooperating to strengthen anti-spam initiatives being considered in international fora."
To access the Joint Statement in different languages, click here.

Friday, August 03, 2007
SRI and Georgia Tech have been working on a new tool, BotHunter, that aims to quickly locate bot traffic inside a network. "BotHunter introduces a new kind of passive network perimeter monitoring scheme, designed to recognize the intrusion and coordination dialog that occurs during a successful malware infection. It employs a novel dialog-based correlation engine, which recognizes the communication patterns of malware-infected computers within the network perimeter. A government/military version of this software has been in use successfully for about a month, and a public version has recently been released. A highly interactive honeynet using BotHunter is also run by SRI. Dozens of new infections are detected each day, and the site proves to be very helpful in understanding the behavior of the received malware. It generates a list of potentially evil IP addresses and DNS queries as well."
For more information on this new software, visit the BotHunter site.
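The "dialog-based correlation" the BotHunter description refers to can be illustrated with a small correlator of the same shape. The following is an added example, not BotHunter's own code: it assumes a simplified infection dialog of five phases (E1 inbound scan, E2 inbound exploit, E3 egg download, E4 command-and-control traffic, E5 outbound scan), a four-hour correlation window, and a constructed alert log format; the decision rule (an exploit plus one outbound phase, or two distinct outbound phases) is this example's own simplification of the idea that a single alert is weak evidence but a coherent sequence is strong.

```python
"""Simplified dialog-based infection correlation, in the spirit of BotHunter.

Added example, not from the BotHunter project. Phases, window and the
infection rule are assumptions chosen to illustrate the technique.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

INBOUND = {"E1", "E2"}          # E1 inbound scan, E2 inbound exploit
OUTBOUND = {"E3", "E4", "E5"}   # E3 egg download, E4 C&C, E5 outbound scan
WINDOW = timedelta(hours=4)     # assumed correlation window


def parse_alert(line):
    """Parse one constructed alert line: '<ISO time>Z <phase> host=<ip> peer=<ip>'."""
    ts, phase, host_kv, peer_kv = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, phase, host_kv.split("=", 1)[1], peer_kv.split("=", 1)[1]


def correlate(lines, window=WINDOW):
    """Return {internal_host: sorted phases} for hosts whose recent dialog
    meets the infection profile. Events older than `window` before the host's
    latest event are pruned so that a stale alert cannot complete a dialog."""
    by_host = defaultdict(list)
    for line in lines:
        when, phase, host, peer = parse_alert(line)
        by_host[host].append((when, phase, peer))

    verdicts = {}
    for host, events in by_host.items():
        events.sort()
        latest = events[-1][0]
        recent = {phase for when, phase, _ in events if latest - when <= window}
        outbound = recent & OUTBOUND
        # Infection rule (assumed): an inbound exploit followed by any outbound
        # phase, or at least two distinct outbound phases even with no inbound
        # evidence (e.g. a host infected by e-mail rather than over the network).
        if ("E2" in recent and outbound) or len(outbound) >= 2:
            verdicts[host] = sorted(recent)
    return verdicts


# Constructed sample alerts (documentation-range peers, RFC 1918 internal hosts).
SAMPLE_ALERTS = [
    "2007-08-03T10:00:01Z E1 host=192.168.1.20 peer=198.51.100.7",
    "2007-08-03T10:00:05Z E2 host=192.168.1.20 peer=198.51.100.7",
    "2007-08-03T10:01:10Z E3 host=192.168.1.20 peer=203.0.113.44",
    "2007-08-03T10:02:30Z E4 host=192.168.1.20 peer=203.0.113.99",
    "2007-08-03T10:00:02Z E1 host=192.168.1.30 peer=198.51.100.7",  # scanned only
    "2007-08-03T02:00:00Z E3 host=192.168.1.40 peer=203.0.113.44",  # stale, outside window
    "2007-08-03T11:30:00Z E5 host=192.168.1.40 peer=192.0.2.1",     # single outbound event
    "2007-08-03T10:05:00Z E4 host=192.168.1.50 peer=203.0.113.99",  # no inbound seen,
    "2007-08-03T10:20:00Z E5 host=192.168.1.50 peer=192.0.2.1",     # but two outbound phases
]


def infected_hosts(lines=SAMPLE_ALERTS):
    """Sorted list of hosts flagged by the correlator."""
    return sorted(correlate(lines))


if __name__ == "__main__":
    for host, phases in sorted(correlate(SAMPLE_ALERTS).items()):
        print(f"{host}: infection dialog {' -> '.join(phases)}")
```

On the sample, only 192.168.1.20 (scan, exploit, egg download, C&C) and 192.168.1.50 (C&C plus outbound scan) are flagged; the host that was merely scanned and the host with one outbound scan and a stale download alert are not, which is the point of correlating the dialog rather than alerting on each event.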

Tuesday, July 31, 2007
To aid in choosing a good DNSBL, Swa Frantzen of the SANS Internet Storm Center offers several tips for gauging which blacklists are effective, along with criteria that blacklist administrators should consider. Among the criteria suggested are:
- Speed of reaction
- Selection criteria
- Goal of the blacklist
- Ease of getting unlisted
- Working Email contact to get unlisted
- Out of band contact details
- Blocking for the right reasons
- Duration of a block
- Automatic delisting
- Granularity of the block
- Security of the blacklist provider
- Extortion
- Warning to those getting listed
To read the full article, click here.
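Several of the criteria above (speed of reaction, automatic delisting, security of the provider) can only be judged over time, but whether a list is alive and answering sanely can be checked mechanically. The following is an added example, not part of the ISC article: it builds the reversed-address query name a DNSBL expects and applies the RFC 5782 test points, under which the address 127.0.0.2 should be listed and 127.0.0.1 must never be listed. A list that fails either test is dead or wildcarding, and a mail server that keeps consulting it will either block nothing or block everything. The zone names and the offline resolver are constructed for the example; `system_resolve` shows how to plug in real DNS.

```python
"""DNSBL query construction and liveness check (added example).

Zone names and the fake resolver below are constructed; only the query
name layout and the 127.0.0.1 / 127.0.0.2 test points follow RFC 5782.
"""
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Reverse the address and append the list's zone, e.g.
    10.1.5.9 in bl.example -> 9.5.1.10.bl.example (nibble-reversed for IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(addr.exploded.split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def is_listed(ip, zone, resolve):
    """Return the 127.x.y.z answer codes for `ip`, or [] when not listed.
    `resolve(name)` must return the A records for `name`, [] on NXDOMAIN.
    Answers outside 127.0.0.0/8 are ignored: they usually mean a wildcarding
    or hijacked zone rather than a real listing."""
    answers = resolve(dnsbl_query_name(ip, zone))
    return [a for a in answers if a.startswith("127.")]


def dnsbl_health(zone, resolve):
    """RFC 5782 test points: 127.0.0.2 should be listed, 127.0.0.1 must not be.
    A zone failing either test should be removed from the mail server's config."""
    return bool(is_listed("127.0.0.2", zone, resolve)) and \
        not is_listed("127.0.0.1", zone, resolve)


def system_resolve(name):
    """Resolver using the host's DNS (for real use; not called by the sample)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


# Constructed offline stand-in for DNS. bl.example behaves like a healthy list;
# dead.example answers for every name, including the 127.0.0.1 test point.
FAKE_DNS = {
    "2.0.0.127.bl.example": ["127.0.0.2"],
    "9.5.1.10.bl.example": ["127.0.0.4"],   # constructed listing with return code .4
}


def fake_resolve(name):
    if name.endswith(".dead.example"):
        return ["127.0.0.2"]
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for zone in ("bl.example", "dead.example"):
        print(f"{zone}: healthy={dnsbl_health(zone, fake_resolve)}")
    print("10.1.5.9 codes:", is_listed("10.1.5.9", "bl.example", fake_resolve))
```

The return codes (127.0.0.2, 127.0.0.4 and so on) are list-specific, which is why the "goal of the blacklist" and "blocking for the right reasons" criteria matter: the same code can mean open relay on one list and dynamic address space on another, and the list's documentation, not the code itself, says which.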

Friday, July 27, 2007
A report released Monday by the Government Accountability Office (GAO), a congressional research and investigation agency, reveals that cybercrime (computer crime, identity theft and phishing) costs the U.S. economy US$117.5 billion a year.
"These projected losses are based on direct and indirect costs that may include actual money stolen, estimated cost of intellectual property stolen, and recovery cost of repairing or replacing damaged networks and equipment," says the report, released through the offices of Reps. Bennie G. Thompson (D-Miss.), chairman of the committee on Homeland Security, and James R. Langevin (D-R.I.), chairman of the subcommittee on Emerging Threats, Cybersecurity, Science and Technology. However, according to the lead author of the report, GAO Director of IT Management Issues David A. Powner, the staggering losses pegged to cybercrime may be even worse than estimated. "Whatever is reported by organizations, most of that will likely be underreported because of disincentives to report losses," he says.
The GAO report also acknowledges that certain personnel policies at federal law enforcement agencies may be hurting the fight against cybercrime. "[S]taff rotation policies at key law enforcement agencies may hinder the agencies' abilities to retain analytical and technical capabilities supporting law enforcement," the report observes. "In order to address the challenge of ensuring adequate law enforcement analytical and technical capabilities," it continues, "we are recommending that the Attorney General and the Secretary of Homeland Security reassess and modify, as appropriate, current rotation policies to retain key expertise necessary to investigate and prosecute cybercrime."
Read the full article at E-Commerce Times.
Secure Science Corporation, in their GPCode Evolution Report, describes the more obscure, previously undocumented traits belonging to the most recent Ransom-based Trojan (known as Glamour). "The code is a modified version of the Prg/Ntos family which was detailed in depth during their Encrypted Malware Analysis in November 2006. While a majority of the functionality has not changed since then, this recent variant is distinctive enough to warrant additional research. In particular, the trojan is now equipped with the ability to encrypt a victim's files on disk. The motive for adding this feature is clearly monetary, as the victim is advised that the files will remain encrypted unless $300 is turned over to the authors, in exchange for a decryption utility." According to their report, in the past 8 months, 152,000 victims have been infected, and over 14.5 million records were discovered to be logged by the trojan.
Read more about this report on the Secure Science Blog. The GPCode Evolution Report is available here, and Secure Science Corporation has also made the source code for the decryptor available here.

Wednesday, July 25, 2007
More and more citizens in Singapore are using government services online, 98% of which are available around the clock. Such e-government services include, inter alia, online business licensing that allows entrepreneurs to register a business online, which saves companies significant time and cost.
To protect Singapore's critical infrastructure from cyber attacks, the government established a national cyber threat monitoring scheme in March 2007. International collaboration through computer emergency response teams (CERTs) is another approach to combating threats from cyberspace. Through a public education campaign on cybersecurity and a legal framework covering computer misuse, spam, electronic transactions and related matters, Singapore aims to increase confidence in the use of its e-government services.
To read the full article "S'pore: E-govt success lures cyber terrorists" by L. Tann, ZDNet Asia, click here.
Sophos recently released its global statistics naming the top 12 spam-relaying countries for the period April to June 2007. The US and China top the list, while Europe houses six of the top 12 countries, which combined account for more spam relaying than the U.S. The statistics also reveal that the overall global volume of spam rose by 9% in the second quarter compared with the same period in 2006.
"'While the US remains top spam dog, the latest chart emphasises the urgent need for joined-up global action to combat this growing problem,' said Carole Theriault, senior security consultant at Sophos. 'For every spam campaign, the spammers, the compromised computers used, and the people being deluged by the unsolicited mail are often located in totally different parts of the world. A consolidated effort is needed not only to pursue and prosecute spammers, but also to convince computer users everywhere of the importance of blocking rather than responding to spam messages. Everyone has a part to play if we are to win the global battle against spam.'"
Statistics on spam relayed by continent, however, show Asia as the top spam-relaying continent, with a larger number of Asian nations each relaying smaller amounts of spam. Europe, which topped the chart in the first quarter of 2007, reduced its share by 6.6 percent and fell to second place. Asia, North America, South America and Africa all saw rises in spam-relaying activity.
Read the full article here.

Tuesday, July 24, 2007
A growing and sophisticated technique for supporting cyber-crime, dubbed fast-flux service networks, is raising the level of threat on the Internet. "Fast-flux service networks are a network of compromised computer systems with public DNS records that are constantly changing, in some cases every few minutes. These constantly changing architectures make it much more difficult to track down criminal activities and shut down their operations." Although researchers and ISPs have been aware of fast-flux for over a year, research into it is still new.
According to the Honeynet Project & Research Alliance, the criminal organizations behind two infamous malware families, Warezov/Stration and Storm, have recently adopted fast-flux service networks in their infrastructures. "The purpose of this technique is to render the IP-based block list, a popular tool for identifying malicious systems, useless for preventing attacks," says Adam O'Donnell, director of emerging technologies at security vendor Cloudmark.
To fight against fast-flux, "ISPs and users should probe suspicious nodes and use intrusion detection systems; block TCP port 80 and UDP port 53; block access to mother ship and other controller machines when detected; 'blackhole' DNS and BGP route-injection; and monitor DNS."
Access the full article at the Dark Reading website.
Read more about fast-flux service networks in the Honeynet Project & Research Alliance's new report on the emerging networks and techniques.
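The "monitor DNS" advice above is the one countermeasure that can be automated from passive data alone, and the description of fast-flux (constantly changing public records, compromised hosts scattered across the world) gives the signals to look for. The following is an added example, not from the Honeynet Project report or the Dark Reading article: it aggregates repeated lookups of the same name and flags it when the TTL is short, the address set is large and keeps changing, and the addresses are spread across many networks. The thresholds are assumptions, and distinct /16 prefixes stand in for the distinct-ASN count a real deployment would use; the observations are constructed, with RFC 1918 addresses standing in for scattered broadband hosts. The CDN case is included because a content delivery network also uses short TTLs and many addresses; without the spread test it would be a false positive.

```python
"""Fast-flux heuristic over passively observed DNS answers.

Added example, not from the Honeynet Project report or the Dark Reading
article. Thresholds and the /16-prefix proxy for "spread across many
networks" are assumptions; real deployments would map addresses to ASNs.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class DnsObservation:
    t: int              # seconds since the start of the capture
    name: str           # queried hostname
    ttl: int            # TTL of the A records in this answer
    a_records: tuple    # IPv4 addresses returned in this answer


def summarize(observations):
    """Per-name statistics: distinct IPs, distinct /16 prefixes, lowest TTL seen,
    and the average number of never-before-seen IPs per lookup after the first."""
    by_name = defaultdict(list)
    for o in observations:
        by_name[o.name].append(o)

    summary = {}
    for name, obs in by_name.items():
        obs = sorted(obs, key=lambda o: o.t)
        seen, new_counts = set(), []
        for o in obs:
            fresh = set(o.a_records) - seen
            if seen:                      # churn is only meaningful after the first lookup
                new_counts.append(len(fresh))
            seen |= set(o.a_records)
        prefixes = {ip_network(f"{ip}/16", strict=False) for ip in seen}
        summary[name] = {
            "ips": len(seen),
            "prefixes": len(prefixes),
            "min_ttl": min(o.ttl for o in obs),
            "churn": (sum(new_counts) / len(new_counts)) if new_counts else 0.0,
        }
    return summary


def is_fast_flux(stats, max_ttl=300, min_ips=5, min_prefixes=3, min_churn=1.0):
    """A name looks fluxy when the TTL is short AND the address set is large,
    keeps changing AND is scattered across many networks. The last test is
    what separates flux from a CDN, which also uses short TTLs and many IPs."""
    return (stats["min_ttl"] <= max_ttl
            and stats["ips"] >= min_ips
            and stats["churn"] >= min_churn
            and stats["prefixes"] >= min_prefixes)


# Constructed sample capture: three lookups each of a fluxy name, a CDN-like
# name (short TTL, rotating pool, one network) and a static name.
SAMPLE = [
    DnsObservation(0,   "flux.example", 180, ("10.1.5.9", "10.2.77.3", "172.16.40.1", "192.168.9.9", "10.3.1.1")),
    DnsObservation(300, "flux.example", 180, ("10.2.77.3", "172.17.8.8", "10.4.44.4", "192.168.9.9", "10.5.5.5")),
    DnsObservation(600, "flux.example", 180, ("172.18.1.2", "10.6.6.6", "10.1.5.9", "172.19.3.3", "10.7.7.7")),
    DnsObservation(0,   "cdn.example", 60, ("203.0.113.10", "203.0.113.11", "203.0.113.12", "203.0.113.13")),
    DnsObservation(300, "cdn.example", 60, ("203.0.113.14", "203.0.113.15", "203.0.113.16", "203.0.113.17")),
    DnsObservation(600, "cdn.example", 60, ("203.0.113.10", "203.0.113.11", "203.0.113.18", "203.0.113.19")),
    DnsObservation(0,   "static.example", 86400, ("198.51.100.7",)),
    DnsObservation(600, "static.example", 86400, ("198.51.100.7",)),
]


def flag_fast_flux(observations=SAMPLE):
    """Sorted list of names that meet the fast-flux heuristic."""
    stats = summarize(observations)
    return sorted(n for n, s in stats.items() if is_fast_flux(s))


if __name__ == "__main__":
    for name, s in summarize(SAMPLE).items():
        print(f"{name:15} ips={s['ips']:2} prefixes={s['prefixes']:2} "
              f"min_ttl={s['min_ttl']:5} churn={s['churn']:.1f} flux={is_fast_flux(s)}")
```

On the sample only flux.example is flagged: cdn.example has a short TTL, ten addresses and high churn, but every address sits in one /16, while static.example never changes. In practice the records would come from a passive DNS sensor or resolver logs, and the prefix test would be replaced by an ASN lookup, since a botnet spread across many broadband providers is exactly what "compromised computer systems" with public DNS records looks like.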

Monday, July 23, 2007
The OECD's Ministerial meeting on the Future of the Internet Economy has been opened to an Online Public Consultation, giving all stakeholders an opportunity to comment on the topics and issues to be discussed at the event. The public consultation is scheduled to remain open until 14 September 2007, and stakeholders may share their views and opinions with the OECD through its Online Questionnaire.
"The Ministerial represents an opportunity for high-level stakeholders from government, business, the technical community, and civil society to consider broad social, economic and technical trends shaping the development of the Internet Economy, and to discuss policies that can respond to evolving societal needs. The participation of all players in the dialogue is important to ensure that the Ministerial is able to benefit from a wide range of viewpoints and expertise."
For more information on the public consultation, go here or visit the OECD website.
KPMG, a global network of professional firms providing audit, tax, and advisory services, released a report on Cross-Border Investigations: Effectively Meeting the Challenge.
KPMG, together with the research firm Penn, Schoen and Berland Associates Inc., surveyed multinational businesses in diverse industries around the world, asking those responsible for cross-border investigations within those companies how they respond to their current challenges. As trade barriers fall and international commerce expands, and as the speed of conducting business and remitting funds increases, companies that do business across international boundaries are recognizing a corresponding increase in the risk of fraud and misconduct. They face challenges such as taking the appropriate first steps, cultural and legal differences, investigation resources, and the availability and accessibility of electronic data.
The report proposes that an effective approach can:
- lower the risk of fraud or misconduct occurring, and with it the likelihood of serious sanctions;
- demonstrate to regulators, shareholders, stakeholders, bond-rating agencies and the capital markets that the business takes accountability and control seriously, thereby mitigating damage to its reputation;
- exhibit the business's commitment to its overall corporate governance activities; and
- assist in a rapid and efficient response before issues spiral out of control.
This report aims to provide insights into possible responses to the described challenges. It points out as well that an effective cross-border investigations plan demonstrates not only an organization's sound risk management practices, but also its overall commitment to good corporate governance.
Read the full report here.

Friday, July 20, 2007
The OECD Committee for Information, Computer and Communications Policy (ICCP), through its Working Party on Information Security and Privacy (WPISP) has developed the Recommendation on Electronic Authentication and the Guidance for Electronic Authentication. The project was made possible with the participation of Jane Hamilton from Industry Canada and with the support of delegates from Australia, France, Hungary, Korea, Norway, the United States, the OECD Secretariat and the Business and Industry Advisory Committee (BIAC) to the OECD. On 12 June 2007, the OECD Council adopted the Recommendation, and the Guidance for Electronic Authentication, was adopted by the ICCP Committee in April and declassified on 12 June 2007 by the OECD Council.
The Recommendation encourages efforts by OECD member countries to establish compatible, technology-neutral approaches for effective domestic and cross-border electronic authentication of persons and entities. It also reaffirms the important role of electronic authentication in fostering trust online and the continued development of the digital economy.
The OECD Guidance on Electronic Authentication aims to assist OECD member countries and non-member economies in establishing or amending their approaches to electronic authentication with a view to facilitating cross-border authentication. The Guidance sets out the context and importance of electronic authentication for electronic commerce, electronic government and many other social interactions. It provides a number of foundation and operational principles that constitute a common denominator for cross-jurisdictional interoperability.
Both the Recommendation and the Guidance conclude a work stream initiated in response to the "Declaration on Authentication for Electronic Commerce" adopted by Ministers at the Ottawa Ministerial Conference held on 7-9 October 1998, and serve as a bridge to future OECD work on identity management.
The ITU Telecommunication Standardization Sector with its Focus Group on Identity Management (FG IdM) works to facilitate the development of a generic Identity Management framework, by fostering participation of all telecommunications and ICT experts on Identity Management. To read more about the ITU-T FG IdM activities, go here.
Read the full article on the OECD Recommendation on Electronic Authentication and the Guidance for Electronic Authentication here.

Thursday, July 19, 2007
The Internet Society of New Zealand (InternetNZ) released the ISP Spam Code of Practice in May 2007 for public consultation, with comments open until 18 June 2007. The Code was developed by the InternetNZ / Telecommunication Carriers' Forum (TCF) / The Marketing Association (MA) Working Party, which has representation from a cross section of service providers and other interested parties.
The ISP Spam Code of Practice was created in keeping with the requirements of the Unsolicited Electronic Messages Act 2007 of the New Zealand government. It had also been developed with regard to the MA’s Code of Practice for Direct Marketing and the TCF’s SMS Anti-Spam Code, which both deal with Spam related issues, as well as to the TCF’s Customer Complaints Code.
Both consumers and service providers are expected to benefit from the adoption of this Code. The Code aims to establish practices that will lead to the minimization of Spam in New Zealand. It also aims to provide information to end users about both preventative and curative steps against Spam. Anticipated benefits to the service providers include the generation of higher levels of customer satisfaction and improved operational efficiency due to the reduced volumes of spam.
Public submissions on the Code can be found here.
Visit the Internet Society of New Zealand website for further details.
With the rise of innovative use of information and communication technologies (ICTs), the United Nations Conference on Trade and Development (UNCTAD) cites the "challenges and threats" that go with ICT development and gives emphasis on the importance of information security and risk management in chapter 5 of its Information Economy Report (IER) 2005.
The chapter elaborates on the following policy points:
- Information Security (IS) needs to be conducted from a Risk Management process perspective; managing IS from a technological, problem-response, reactive perspective is sub-optimal for firms and public institutions.
- Information Security threats mainly come in the form of "social engineering", thus purely technology based defenses are misguided - i.e. they are the Maginot Line of cybersecurity.
- Information Security threats regularly and easily transcend national boundaries, and thus the need for international cooperation and coordination, both at a technical and a policy level, is unambiguous.
- Information Security policy should be a component of the national e-policy and should be appropriately incentivized to adopt a Risk Management framework through regulation.
An overview of international policy discussions on information security concludes this chapter together with a discussion of policy recommendations for Governments and some insights to future developments and relevance for intergovernmental processes and the international community.
Read the full chapter of the IER 2005 here.

Wednesday, July 18, 2007
The 2nd International Workshop on Critical Information Infrastructures Security (CRITIS'07), organised together with IFIP WG 11.10 on Critical Infrastructures Protection, the IEEE Computer Society Task Force on Information Assurance, and the Joint Research Centre Ispra of the European Commission, will be held on October 3-5, 2007 at Benalmadena-Costa (Malaga), Spain. The event aims to bring together researchers and professionals from universities, private companies and public administrations interested or involved in all the heterogeneous security-related aspects of Critical Information Infrastructures.
Speakers that will grace the event include Jacques Bus of the European Commission, INFSO Unit "Security", Adrian Gheorghe of Old Dominion University, US, and Paulo Veríssimo of Universidade de Lisboa, Portugal. A panel discussion on Resilient Critical Information Infrastructures: a myth or a realistic target? will be held as well.
Visit the CRITIS'07 site for more information.
The new manual on Prosecuting Computer Crimes was released by the Computer Crime & Intellectual Property Section of the United States Department of Justice in March 2007. This 53-page document discusses different cyber crimes and the penalties deemed to fit the offenses. Definitions, background information and related statutes can also be found in the manual. Offenses discussed include obtaining national security information, compromising confidentiality, trespassing in a government computer, accessing to defraud and obtain value, damaging a computer or information, trafficking in passwords, and threatening to damage a computer. A legislative history on this subject has also been made available.
"When you've got a full-blown security breach on your hands, what do you do? If you've been smart, you'll already have a computer security incident response team -- and a plan -- in place. But many companies are too resource-strapped to have a full-blown, fully-tested incident response strategy." DarkReading proposes six steps on what to do when your security is breached.
1. Assemble an incident response team.
Experts believe that a computer security incident response team (CSIRT) must already be set up even before an event occurs. If a team is not yet in place, the company must create one quickly, and make sure all the stakeholders are there.
2. Assess the initial damage and the risk for more.
"According to BackGrounD Software, a Canadian forensics firm that does security breach damage assessment, the costs of a breach should include not only the technical costs associated with finding and fixing the breach, but also loss of productivity and loss of business. You'll need a plan that not only outlines your strategy for recovering your systems, but that includes steps for recovering customers."
3. Develop a notification plan.
An important decision is who to notify, and when. Law enforcement, for instance, should be contacted first when a crime may be involved. Other parties to notify are customers who might have been affected by the incident and consultants, such as security experts or a computer forensics firm, who should be called in as early as possible.
4. Begin remediating the problem.
It is very important to fully understand the problem and its potential impact before any remediation is done; otherwise evidence might be damaged or the problem might get worse. BackGrounD Software suggests, "disconnect your server(s) from the network, and if there is a potentially malicious code running, disconnect media devices as quickly as possible (i.e. disks, SAN, NAS). You never know how far the intruder has managed to get, so the faster you disconnect the equipment, the more of a chance you have to save your data." Bear in mind that pulling the network cable or powering down also destroys volatile evidence such as memory contents and open network connections, so the response plan should say in advance which of that evidence is captured before a system is isolated. The next steps in remediating the problem then depend on the resources and skills available within the team or the company.
5. Document everything.
Experts also stress the importance of documentation as it is often overlooked. Documentation aids in recovering the affected system and in strategizing against future incidents.
6. Develop a strategy for stopping the next attack.
As DarkReading puts it, "if one attacker finds a vulnerability, there's a good chance that he may have accomplices -- or that another attacker might find the same vulnerability." Thus, it is necessary to develop a strategy to block possible holes still existing in the system.
To read the full article, access it here.

Tuesday, July 17, 2007
Gangs of hackers, presumed to be based in Eastern Europe, launched a series of website attacks now known as "The Italian job." More than 10,000 pages on popular websites have been penetrated and infected, and the attack is believed to have started in the middle of last month. Most of the infected sites are Italian, but the attacks have reached Spain and the US as well.
The hackers used a "tool kit" sold online in Russia for $815 to plant "keylogger" code on the computers of people who visited the compromised sites. This code gives the hackers access to the infected machines and lets them capture valuable user information such as bank details and passwords. The attack is considered especially serious because it targeted established websites in order to steal banking identities.
David Perry, director of Trend Micro, says: "This is a paradigm shift. We can expect to see this kind of thing being replicated now for the next five or six months." He explained that the Italian job has been so effective because the malware is programmed to adapt to many different weaknesses in computer security systems. "It looks for a wide spectrum of vulnerabilities in a computer, acting like a sort of Swiss Army knife with many different ways to pierce through the protection."
Access the full article at theage.com.au.
Symantec recently reported that it has detected phishing sites hosted on government servers. In the last month it has found phony sites hosted on government servers in Thailand, Indonesia, Hungary, Bangladesh, Argentina, Sri Lanka, Ukraine, China, Brazil, Bosnia-Herzegovina, Colombia and Malaysia. This disturbing new trend undermines the credibility of government-hosted sites and jeopardizes the security of government online transactions.
These phishing sites, run by data thieves, mimic authentic business or government sites in order to gather valuable information from users such as credit card details or account passwords. This information is in demand in the underground market and can easily result in identity theft or account fraud.
Government servers performing low-risk functions are often the targets of this sort of scam. Although these servers are relatively low-risk, their compromise still poses a problem. "Under the Federal Information Security Management Act, information technology security in the federal government is based on a philosophy of risk management. It does not aim for absolute security — which is impossible anyway — but for the proper level of security. Administrators do a risk-based assessment of their IT systems, prioritizing them by their vulnerabilities, their role in the agency's mission and the criticality of that mission." Nonetheless, the danger these phishing sites pose to citizens should be weighed in that risk assessment as well.
Read the full article here.

Monday, July 16, 2007
The Computer Science and Telecommunications Board (CSTB) released on 26th June 2007 Toward a Safer and More Secure Cyberspace, "a broad research agenda that includes traditional, problem-specific studies as well as unconventional ideas necessary to combat current and future cybersecurity threats. The report examines the vulnerabilities of the Internet and offers a strategy for future research aimed at countering cyber attacks. The report also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated."
To purchase or skim through the publication online, go to the National Academies Press.

Wednesday, July 11, 2007
The Ugandan Government is finalising new cyber laws aimed at protecting computer users from cyber crime, covering personal intrusion, national security, fraud and confidence tricks.
"Liberalised information can lead to unwanted uses and usage leading to cyber crime. It is necessary to have legal infrastructure within which the technologies can be used. There are three bills which have been drafted, the Electronics Transactions Bill, Digital Signatures Bill and the Computer Misuse Bill," the information and communications technology minister, Ham Mulira, explained.
Read the full article at allAfrica.com.
For more information on ICT policy developments in Africa, please see the Balancing Act website.

Tuesday, June 26, 2007

Thursday, June 21, 2007

Thursday, June 07, 2007

Wednesday, May 30, 2007
An electronic version of the 2007 Cybersecurity Guide for Developing Countries is available in English. Non-finalized versions are also available in Arabic, Chinese, French, Russian and Spanish. NB: A printed copy of this publication is available on request.
The 2006 version of the guide is available in English and French.

Monday, May 21, 2007
The ITU will be hosting a workshop on 17th September 2007 entitled ITU Workshop on Frameworks for National Action: Cybersecurity and Critical Information Infrastructure Protection:
At the start of the 21st century, modern societies have a growing dependency on information and communication technologies (ICTs) which are globally interconnected. However, with these growing dependencies, new threats to network and information security have emerged. There is a growing misuse of electronic networks for criminal purposes or for objectives that can adversely affect the integrity of critical infrastructures within States. To address these threats and to protect these infrastructures, a coordinated national framework is required - combined with regional and international cooperation. This workshop will review several related ITU initiatives and present two case studies by expert speakers from the United States of America and the European Union on their respective approaches. Attendance at the workshop is open to all interested participants within available space. Further information is available from cybmail@itu.int.

Friday, May 04, 2007
Although the European Commission decided against imposing new legislative restrictions on radio frequency identification (RFID) tags for now (opting for "soft legislation" instead), a top official warned on Monday that regulations are likely if future uses of the technology don't protect fundamental privacy rights, reports ZDNet. Gerald Santucci, head of the European Commission unit whose domain includes RFID issues, said he feared that rushing to place restrictions on industries hoping to use the technology would choke its potentially valuable application in health care, business, transportation and other realms. But if regulators deem that widespread RFID use is insufficiently safe, secure and privacy-preserving, then "Mrs. Reding [European Commissioner for Information Society and Media] will have no other option but to trigger legislation," Santucci told participants at a luncheon discussion in Washington DC. By the end of 2008, the commission plans to reevaluate whether legislation is necessary. It's unclear how restrictive any potential rules would be.
Read the full story here (ZDNet). More on the European Commission Policy on RFID can be found here.
RFID, along with sensors and nanotechnology, was one of the key technological developments explored in the 2005 ITU Internet Report on The Internet of Things. An ITU New Initiatives Workshop on Ubiquitous Network Societies was also held in the same year. Network aspects of identification systems are being studied in the context of standardization by the ITU's JCA-NID.
A United States House of Representatives subcommittee approved a bill on spyware this week, which recommends up to five years in prison for convicted distributors of malicious spyware.
Past versions of the Internet Spyware Prevention Act have failed to pass a vote in the United States Senate. Observers have pointed out, however, that the increasing militancy among users fed up with unwanted software intrusion may make this latest attempt more successful. And there is a lot at stake. Creating trust in the internet will ensure its future development. More on this story is available here.
The ITU is taking a leading role in cybersecurity initiatives, particularly in light of calls for global action made at the World Summit on the Information Society. More information on ITU's work in this area is available here.

Tuesday, May 01, 2007
According to a recent Press Release by The Infocomm Development Authority of Singapore (IDA), Singapore is already looking into a new five-year infocomm security roadmap (2008-2012) as it embarks on the final year of the current three-year Infocomm Security Masterplan (2005-2008). The Infocomm Security Masterplan was launched on 22 February 2005 as a strategic roadmap to chart Singapore's national efforts in developing capabilities to prevent cyber-security incidents and protect the critical infrastructure from cyber-threats. According to Dr. Vivian Balakrishnan, Second Minister for Information, Communications and the Arts, Singapore "cannot afford to be complacent, especially with new and dangerous threats evolving and growing at such an alarming rate. Instead of simply taking one step forward, we need to be many steps ahead in our efforts to combat cyber threats."
Providing a glimpse of the new five-year Masterplan to be launched in 2008, Dr. Balakrishnan shared that the new infocomm security roadmap will build on Singapore's existing efforts to focus on more international collaborations to improve Singapore's ability to combat cyber threats. The collaborations will look into knowledge exchanges and regular communication between governments on cyber threat trends and protection of critical infrastructure. When launched in 2008, the new security roadmap will also secure Singapore's ultra high-speed and pervasive Next Generation National Infocomm Infrastructure (NGNII) to provide a secure and trusted environment for the creation of new value-added services such as location-based marketing, goods tracking and localised information services and the pervasive adoption of online services such as those in the area of banking, healthcare and education.
Under the current Masterplan, the government has developed various security initiatives to equip public officers with more timely information and knowledge to assess and improve on their cyber defence. This allows them to better protect, detect and respond to cyber threats. An example is the Cyber-WatchCentre which monitors cyber threats real-time and round-the-clock. By mid 2008, the centre will ensure end-to-end security for all public officers, allowing government agencies to better anticipate cyber attacks and respond to them speedily.
For more information on these initiatives, view the IDA Press Release.

Thursday, March 08, 2007
The first steps towards a globally harmonized approach to identity management (IdM) have been taken during a meeting of the ITU Focus Group on Identity Management (FG IdM) bringing together, for the first time, the world’s key players in the IdM space.
IdM promises to reduce the need for multiple user names and passwords for each service used, while maintaining privacy of personal information. A global IdM solution will help diminish identity theft and fraud. Further, IdM is one of the key enablers for a simplified and secure interaction between customers and services such as e-commerce. Experts at the meeting concurred that interoperability between existing IdM solutions will provide significant benefits such as increased trust by users of on-line services as well as cybersecurity, reduction of spam and seamless "nomadic" roaming between services worldwide. Abbie Barbir, chairman of the Focus Group on Identity Management: "Our main focus is on how to achieve the common goals of the telecommunication and IdM communities. Nobody can go it alone in this space, an IdM system must have global acceptance. There was a very positive feeling at the meeting that we can achieve this and crucially we saw a great level of participation from all key players."
The meeting of the FG IdM brought together developers, software vendors, standards forums, manufacturers, telcos, solutions providers and academia from around the world to share their knowledge and coordinate their IdM efforts. Interoperability among solutions so far has been minimal. One conclusion of attendees is that cooperation is crucial and that players cannot exist in isolation.
The spirit of the meeting was that everyone will gain by providing an open mechanism that will allow different IdM solutions to communicate even as each IdM solution continues to evolve. Such a "trust metric" does not exist today, experts say. Work will continue online and during Focus Group meetings in April, May, and July 2007. An analysis of what IdM is used for will be followed by a gap analysis between existing IdM frameworks now being developed by industry fora and consortia. These gaps should be addressed before the interworking and interoperability between the various solutions can be achieved. The aim is to provide the basis for a framework which can then be conveyed to the relevant standards bodies including ITU-T Study Groups. The document will include details on the requirements for the additional functionality needed within next generation networks. ITU has a long history of innovation in this field, with key work on trusted, interoperable identity framework standards including Recommendation X.509 that today serves as the primary "public key" technical mechanism for communications security across all telecom and internet infrastructures.
See more information on the Focus Group on Identity Management (FG IdM) website.

Thursday, March 01, 2007
Kaspersky Lab, a developer of secure content management solutions, recently announced its annual report on malware and spam evolution. The report, authored by Kaspersky Lab analysts, surveys the trends of 2006 and looks at what 2007 may bring.
Malware Evolution: 2006. The report provides an overview of the most important incidents in the malware world, highlights the main trends, and examines how the situation will evolve. Particular stress is laid on the continuing increase in the number of Trojan programs, particularly those designed to steal online gaming account data; the first viruses and worms for MacOS; and Trojans for J2ME, which are designed to steal funds from mobile user accounts. The number of new malicious programs was up 41% on 2005. As for the future evolution of malicious programs, Kaspersky Lab virus analysts believe that virus writers and spammers will work ever more closely together; the number of Trojans will continue to increase; and that virus writers will be on the lookout for exploitable vulnerabilities in Vista.
Spam Evolution: 2006. Data provided by the Kaspersky Spam Lab shows that in 2006, between 70% and 80% of mail traffic on the Russian Internet was spam. The majority of spam sent to Russian users originates in Russia, the U.S.A. and China. Spammers actively used graphics in order to evade spam filters. They also continued to send spam masquerading as personal correspondence in order to get the recipient to read the whole message and then act as the spammers intended, whether by calling a designated number or clicking on a link. The report on spam evolution also highlights how mass mailings differ from each other according to language: most Russian language spam offers education and training, and a wide range of goods ranging from busts of the Russian president to a device which will 'translate' a dog's bark. English language spam, on the other hand, tends to focus on advertising for stocks and shares, viagra and cheap software. The report also notes that spam became increasingly criminalized in 2006, with spammers actively using SMS to spread spam.
The company's analysts believe that technologies currently in use will continue to evolve in 2007, together with further development of graphical spam, and increased criminalization of mass mailings.
Read the executive summaries here: Malware Evolution: 2006 and Spam Evolution: 2006.
The full annual report can be found here.
This news item was accessed through Russia Newswire.

Tuesday, February 27, 2007

Thursday, February 15, 2007
This summary provides a general discussion of the amended Information Network and Privacy Protection Act (“INPPA”) of Korea. INPPA sets out the minimum procedural requirements for lawful online transmissions in Korea, and strictly prohibits transmitting advertising material to recipients who have refused to accept it. Although these rules are applicable to unsolicited commercial e-mails via the internet, they were intended to apply to all modes of telecommunication such as cellular phones, facsimiles, etc.
The Korean government has made continuing efforts since 1999 to curb the increase in spam mail and has since been monitoring the effectiveness of the implementation of additional provisions. The new law targets senders of spam mail that are commercial in nature. Consistent with its effort to protect minors from being exposed to obscene and violent materials online, the Korean government has also included a provision in the INPPA that requires senders to label those materials as such.
More information can be found here.

Tuesday, February 13, 2007

Thursday, February 08, 2007
According to Mark Hall, the Director of the U.S. Defense Department's International Information Assurance Program and co-chair of the National Cyber Response Coordination Group (NCRCG), DOD is about to sign an agreement to share incident and threat information with the North Atlantic Treaty Organization's Computer Emergency Response Team (CERT). NCRCG is the U.S. federal government's incident response coordinator. It works to defend U.S. cyberspace by providing guidance to federal agencies and working with the private sector, state governments, and other countries. Currently, there are 26 NATO countries and Hall feels that it will be much easier for him to work with NATO rather than with each of the countries bilaterally. Hall was also recently a participant in a panel at RSA Conference 2007 that discussed "Protecting U.S. Cyberspace: Coordinating National Response to Cyber Attacks."
For the full article, please go here.

Tuesday, February 06, 2007
Almost 40 countries will participate in the fourth edition of Safer Internet Day (SID) which this year takes place on 6 February.
The event is organised by European Schoolnet, coordinator of Insafe, the European safer internet network. Viviane Reding, EU Commissioner for the Information Society and Media is once again patron of Safer Internet Day, as in the past two years.
The highlight of the day will once again be a worldwide blogathon, which will reach Australia on 6th February and progress westward through the day to finish up in the USA and Canada. Following the huge success encountered in 2006, this year’s blogathon goes one step further to include the voices of hundreds of youngsters.
In the framework of a competition launched in October 2006, more than 200 schools in 25 countries across the globe have been working in pairs, using technology to cross geographical borders, to create internet safety awareness material on one of three themes: e-privacy, netiquette, and power of image. On Safer Internet Day, all of the projects they have produced will be uploaded to the blogathon. The 4 prize-winning teams in the competition will be announced on 6 February when the blogathon opens to well over 100 organisations waiting on the starting block to add their postings on this year’s theme, Crossing borders.
To find out more about young people’s use of the internet and mobile phones, Insafe has been collecting data over the past two months through an online survey. Preliminary results will be made available on Safer Internet Day along with a wealth of other information tailored to the needs of not only media but also parents, teachers and youngsters in an online media room specially set up at www.saferinternet.org to mark the event.
On Safer Internet Day in the Netherlands, HRH Princess Maxima will be the special guest at an event featuring theatre, music and stories. In Slovenia, young people will showcase art projects and Slovenian national television will broadcast internet safety clips.
Across the globe, hundreds of other events will highlight the growing importance of internet safety in the lives of us all.
For further information see the following links:
Insafe
National nodes of Insafe
Safer Internet Day Blogathon
Safer Internet Programme
eTwinning (partner in the Safer Internet Day competition for schools)

In today's interconnected world of networks, threats can now originate anywhere − our collective cybersecurity depends on the security practices of every connected country, business, and citizen. The International Telecommunication Union (ITU), a specialized agency within the United Nations system, would like to draw Safer Internet Day participants' interest to a number of information resources dedicated to cybersecurity and spam.
The ITU Cybersecurity Gateway is an easy-to-use online information resource on national and international cybersecurity related initiatives worldwide. A vast number of resources and links are available and organizations are invited to join in partnership with the ITU and other stakeholders to build confidence and security in the use of information and communication technologies (ICTs).
The StopSpamAlliance is a joint initiative to gather information and resources on combating spam. This initiative was undertaken by Asia-Pacific Economic Cooperation (APEC), the EU's Contact Network of Spam Authorities (CNSA), International Telecommunication Union (ITU), the London Action Plan, Organisation for Economic Co-operation and Development (OECD) and the Seoul-Melbourne Anti-Spam group. The StopSpamAlliance.org website contains an overview about each of these organization’s activities in countering spam and related threats.
The outcome documents from the two phases of the World Summit on the Information Society (WSIS) emphasize that building confidence and security in the use of information and communication technologies (ICTs) is a necessary pillar for building a global information society. ITU has been asked to play the main facilitator role to assist stakeholders in building confidence and security in the use of ICTs. To stress the importance of the multi-stakeholder implementation of this task, ITU has named this the Partnerships for Global Cybersecurity (PGC) initiative.
In commenting on the Safer Internet initiative, newly elected ITU Secretary-General Hamadoun Toure stressed the need for greater cooperation between regulators, government, security firms, communication service providers, and end users in dealing with the challenges to building a safe and secure information society.
The International Telecommunication Union wishes you all a very successful Safer Internet Day 2007!
Enquiries related to ITU activities in the area of cybersecurity can be directed to cybersecurity@itu.int.
About ITU
The International Telecommunication Union (ITU) is an international organization (specialized agency) within the United Nations System where governments and the private sector coordinate global telecommunication networks and services. Through its standards, development, and policy research activities, ITU has a long-standing track record in security for information and communication systems. There are currently more than seventy ITU recommendations focusing on security.

Friday, February 02, 2007
According to a recent article in The Register, two young Dutch hackers who built a large botnet were sentenced to prison earlier this week. The main suspect, now 20, was handed a two-year sentence and a €9,000 ($11,800) fine, while his 28-year-old partner was given 18 months and ordered to pay €4,000 ($5,200).
As stated by the article, the men, part of a larger hacking ring, and one other suspect, were arrested in 2005 for extorting a US company, stealing identities to purchase cameras and games consoles, and distributing spyware. The operation netted an estimated €60,000 over a period of six months.
Read the full The Register article here.
Two resolutions relating to cybersecurity and defining ITU's activity in that domain were adopted by ITU Member States at its Plenipotentiary Conference in Antalya, Turkey, held in November 2006. These are:

Wednesday, January 31, 2007
The ITU has a new Secretary-General, Dr. Hamadoun Toure, who has indicated in his first public statements and to senior ITU staff that he considers cybersecurity and particularly follow-up to WSIS Action Line C5 to be a key strategic area of focus for future ITU activities.
The next annual facilitation/consultation meeting for WSIS Action Line C5 will be held 14-15 May 2007 at ITU in Geneva in conjunction with a cluster of events to be organized around 17 May (World Telecommunication and Information Society Day). The meeting is open to all participants with an interest in C5 activities. More details concerning the draft agenda and administrative arrangements for the event will be circulated shortly along with a list of other WSIS-related meetings to be held 14-25 May 2005 in Geneva.
Further information will be posted at the WSIS C5: Partnerships for Global Cybersecurity website. Enquiries can be directed to cybersecurity@itu.int.
IDG Sweden has published an interview between a journalist from Computer Sweden Magazine and a person claiming to be the creator of the Haxdoor Trojan, a program used for bank phishing and responsible for the recent phish of an Australian bank as well as the recent phish of Nordea bank. The interview was done over ICQ. With the assistance of someone from Symantec, the interviewer reached the interviewee, who uses the screen name Corpse, by pretending to be interested in buying a handcrafted version of the program for the phish of a particular bank.
In the interview, Corpse indicates that he is clearly aware that his program is used for bank fraud and offers to sell Haxdoor, including support by him, to the journalist for $3000. In their discussion about attacks that have been perpetrated by Haxdoor, Corpse states that security staff at banks try to hide 99% of the actual attacks in an attempt to prevent their customers from being frightened. However, Corpse will not discuss previous customers or the person(s) who may have been behind some of the attacks by Haxdoor that have become public. When the journalist expresses concern about being caught, Corpse offers to make the attack untraceable by providing the journalist with servers in China, the United States, or Europe for $150 per month. Corpse also makes the claim that versions of Haxdoor exist with the ability to hide in the operating system and therefore cannot be detected by anti-virus programs. He goes on to talk about the features of Haxdoor, which include a graphical interface allowing attacks to be tailored, rootkit and self-defense functions, support for all versions of Windows from 98 to Vista, and delivery as a rar or zip archive.
For a full version of the interview (in Swedish), please click here.

Tuesday, January 30, 2007
Last week, the Anti-Spyware Coalition released its guides on best practices and conflict resolution. The best practices guide is based on a set of software definitions and the risk-model description created by the Coalition. It is intended to provide insight into the way security firms identify applications, flag behavior, and then distinguish between "unwanted" software and software that provides "real value to users." Included is the "clearest description" that the Coalition has issued of the methodology used by anti-spyware companies in determining what software is "unwanted." The conflict resolution guide addresses the topics of competing anti-spyware software on a system and helping consumers understand the problems that may result in their security applications.
For links to the Anti-Spyware Coalition guides and supporting documentation, please click here.

Monday, January 29, 2007
The European Parliament held an STOA Workshop on "RFID in the everyday life of Europeans: A citizen's perspective on ambient intelligence" on 24 January 2007. The workshop was organized as part of the project "RFID and identity management: Case Studies from the frontline of the development towards ambient intelligence" commissioned by the Scientific Technology Options Assessment (STOA) Panel of the European Parliament, and carried out by the European Technology Assessment Group.
ITU's Lara Srivastava delivered a presentation on the topic "Is our environment getting smarter? Are we?". Her presentation is available here.

Wednesday, January 24, 2007
The North American Consumer Project on Electronic Commerce (NACPEC) has created a section on its website that provides visitors with relevant and up to date information on spam and phishing.
Although there is no international consensus on the definition of spam, spam has evolved from a minor nuisance to a problem, which is often criminal and fraudulent, for users and computer networks. In addition to the fact that most spam advertises goods or services that are of questionable quality or that contain deceptive or misleading offers, spam is a channel for the propagation of viruses and spyware as well as a way to perpetrate other criminal activities through phishing and pharming techniques. It is a threat to the use and functioning of corporate, public, and academic networks; assists cybercrime; threatens consumer confidence; and undermines the use of email.
Since 2000, the amount of spam circulated has more than doubled, reaching somewhere between 58% and 85% of all email. Spam is the cause of significant economic costs and losses in productivity for service providers, businesses, civil society, academic institutions, and especially consumers. During the World Summit on the Information Society (WSIS) thematic meeting on spam in July 2004, the Chairman reported that spam costs the global economy approximately US$ 10 billion per year, and the European Commission has estimated that spam costs users EUR 10 billion per year. Spam is now no longer only a problem for computer networks; it is also becoming an issue in mobile phones, instant messaging services, weblogs, and wireless networks. Currently, there is no one solution to the problem of spam. It is a complex, cross-border issue that requires the adoption of a multi-dimensional and multi-stakeholder approach, as recommended by the OECD Anti-Spam Toolkit. To curb spam, a combination of solutions will be required.
More information can be found here.

Tuesday, January 23, 2007
As one of the series of Google TechTalks, Van Jacobson presents his talk entitled "A New Way to Look at Networking."
Jacobson's motivation for giving this talk is his feeling that in the last decade network research in the United States has been at a dead end. Despite technological advances, everything with networking is becoming more difficult. People are spread out over multiple devices, wireless barely works, and the solutions that are being presented solve the small problems but do not deal with the larger cause. In the current situation, Jacobson feels the Internet is not a bad solution but the problem has changed. We are on the verge of a Copernican revolution. A good analogy to this situation is the one faced in the 1960s and 1970s when efforts were being made to use the telephony system to move data.
The traditional telephony system was not about calls, it was about wires. To have a successful business model, a ubiquitous wire system was necessary. Jacobson provides an explanation of the system, how it works, and the issues that arose over ownership of the network. One characteristic of the network was its unreliability. Every piece had to work all the time. Because of this the network was designed to have reliable elements instead of being reliable as a whole.
The current issue is that in order to have access to information, the device used must be connected to the Internet or the user will be cut off. This can be difficult because the device must have a topologically stable address. Also, the Internet does not like things that move or broadcast; it was not designed for this. How the network is being used has changed. We are no longer in a conversation model. A conversation model cannot be transformed into a viable security model. Instead, Jacobson promotes a dissemination model by discussing the work that is being done with this framework, including ways of transferring and storing information and their advantages.
Jacobson feels that the continued reliance on the conversation model has evolved the situation to the point where the user must now do the low level connection plumbing to get what he/she wants. If we change our view to the dissemination model, the network does the plumbing.
The full talk can be found here.
In his article "Trench Warfare in the Age of the Laser-guided Missile," Neil Schwartzman gives a brief description of the history of spam and the anti-spam movement, provides a summary of the current state of spam, and makes a series of recommendations concerning what actions the anti-spam community should take.
History of Spam and the Anti-Spam Movement: According to Schwartzman, both spam and the anti-spam movement have steadily evolved since 1995. The anti-spam movement has seen the rise of government groups, NGOs, and industry coalitions as well as anti-virus and spyware technologists and companies working individually to stop spam. Spam, however, has stayed ahead of the anti-spam movement, becoming more and more sophisticated in its ability to avoid filters, collaborate with viruses, and reach users.
The Current State of Spam: Schwartzman sums up the current situation as a "blended criminal threat." He examines penny stocks, promoted using 'image-only' payloads. Stock spamming leaves paper trails and this led to some successful prosecutions at the end of 2006. He reaches the conclusion that although currently popular, stock spamming will decline as prosecutions increase. He also looks at phishing, which he feels is far more serious than stock spamming, because "personal information is the currency used by criminals on the net."
Consumer Confidence & Organized Crime: Although online commerce continues to grow, user confidence in e-commerce is decreasing as the number of threats from spam increases. Recent studies show that up to 90% of polled consumers are deeply skeptical about their ability to conduct business safely online. Schwartzman feels that as more users become victims or personally know victims of online fraud, they will cease their online purchasing and return to traditional retail outlet purchasing. One major concern is the possible failure of a major online financial service, which would certainly speed up users' return to traditional retail and cause massive damage to the reputations of all online service providers. There is also additional concern as there is now "full integration with the bad-guy technologists and sophisticated groups of computer-aware criminals." The large amount of money that can be made from spam has now attracted organized crime including the Russian mob, the Italian mafia, the Hell's Angels, and the Colombian drug cartels.
The Future: At the inbox level, anti-spam technologies are very effective at blocking spam; however, the resource cost is becoming an issue as "major receiving sites have said privately that their systems are all but overwhelmed by the new levels of spam." The latest spam/malware threat is known as SpamThru. Although not yet being used to its full capacity, it caused an 80% increase of spam on some sites in the last three months of 2006. It also has the capability of avoiding complete deletion by removal programs. Other technologies which are also popular right now are 'Queen bots', which are capable of changing profiles and controlling subservient zombie computers, and 'fast-flux dns', which is a DNS server hosted on an infected machine that resolves human-recognizable URLs to a multitude of similarly infected machines. If spam continues to increase, and there are several ways it can, the result could be the end of e-mail or the Internet itself, or virtual attacks on the real world (several of which have already been realized).
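Fast-flux hosting of the kind described above leaves a measurable footprint in DNS: one hostname answering with many different addresses, spread across unrelated networks, each with a very short TTL. The following is an added example (not part of Schwartzman's article or of this page) showing one way a resolver or passive-DNS log could be screened for that pattern; the hostnames, IP addresses and thresholds are constructed for the example.

```python
"""Screen DNS A-record observations for a fast-flux footprint.

Added example: the data, names and thresholds below are constructed for
illustration and are not taken from the article summarised above.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class DnsObservation:
    """One A-record answer as a resolver or passive-DNS sensor would log it."""
    name: str
    ip: str
    ttl: int       # TTL the authoritative server returned, in seconds
    seen_at: int   # unix time of the observation


@dataclass
class FluxStats:
    distinct_ips: int
    distinct_prefixes: int  # distinct /16 prefixes: crude proxy for how many networks host the name
    min_ttl: int
    observations: int


def prefix16(ip: str) -> str:
    """Return the first two octets of an IPv4 address (its /16 prefix)."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(octets[:2])


def summarize(observations: Iterable[DnsObservation]) -> Dict[str, FluxStats]:
    """Aggregate per-hostname statistics over a window of observations."""
    ips: Dict[str, set] = defaultdict(set)
    prefixes: Dict[str, set] = defaultdict(set)
    min_ttl: Dict[str, int] = {}
    count: Dict[str, int] = defaultdict(int)
    for obs in observations:
        ips[obs.name].add(obs.ip)
        prefixes[obs.name].add(prefix16(obs.ip))
        min_ttl[obs.name] = min(min_ttl.get(obs.name, obs.ttl), obs.ttl)
        count[obs.name] += 1
    return {
        name: FluxStats(len(ips[name]), len(prefixes[name]), min_ttl[name], count[name])
        for name in ips
    }


def is_fast_flux(stats: FluxStats, *, max_ttl: int = 300,
                 min_ips: int = 5, min_prefixes: int = 3) -> bool:
    """Heuristic: short TTL AND many addresses AND spread over several networks.

    All three conditions are required so that an ordinary load-balanced or CDN
    hostname (many addresses, but a long TTL or a single network) is not flagged.
    The thresholds are assumptions for this example; tune them against a
    baseline of known-good names before relying on them.
    """
    return (stats.min_ttl <= max_ttl
            and stats.distinct_ips >= min_ips
            and stats.distinct_prefixes >= min_prefixes)


def flag_fast_flux(observations: Iterable[DnsObservation]) -> List[str]:
    """Return the hostnames whose observations match the fast-flux heuristic."""
    return sorted(name for name, stats in summarize(observations).items()
                  if is_fast_flux(stats))


def _obs(name: str, ttl: int, ips: List[str], start: int = 1_700_000_000) -> List[DnsObservation]:
    """Build one observation per address, spaced one TTL apart (constructed data)."""
    return [DnsObservation(name, ip, ttl, start + i * ttl) for i, ip in enumerate(ips)]


# Constructed sample using RFC 5737 documentation address ranges.
SAMPLE_OBSERVATIONS: List[DnsObservation] = (
    # Stable hostname: two addresses in one network, hour-long TTL.
    _obs("www.stable.example", 3600, ["192.0.2.10", "192.0.2.11"])
    # Load-balanced hostname: many addresses, but a long TTL and a single network.
    + _obs("lb.stable.example", 1800,
           ["203.0.113.%d" % n for n in (1, 2, 3, 4, 5, 6)])
    # Flux-like hostname: eight addresses across three networks, 60-second TTL.
    + _obs("promo.flux.example", 60,
           ["192.0.2.77", "198.51.100.5", "203.0.113.44", "198.51.100.200",
            "203.0.113.3", "192.0.2.130", "203.0.113.99", "198.51.100.23"])
)


if __name__ == "__main__":
    for name, stats in summarize(SAMPLE_OBSERVATIONS).items():
        verdict = "FAST-FLUX?" if is_fast_flux(stats) else "ok"
        print(f"{name:22} ips={stats.distinct_ips:2} /16s={stats.distinct_prefixes} "
              f"min_ttl={stats.min_ttl:5} -> {verdict}")
```

On a real feed the /16 proxy should be replaced by an ASN lookup, and hits should be corroborated (registration age, content served) rather than blocked outright, since some legitimate services also rotate addresses quickly.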
What Should Be Done: According to Schwartzman, the anti-spam movement is losing. This can be mostly attributed to the fact that the movement is disjointed and disorganized. Companies often have various groups dealing with different aspects of spam and malware who never communicate or coordinate. This is also seen in the interaction of the various anti-spam groups organized within the industry. Schwartzman believes that active participation and cooperation by all stakeholders is necessary to successfully fight spam and he makes a series of suggestion as to how this can be achieved.
See the complete article here.
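The fast-flux behaviour described above (one name, short TTLs, an ever-changing set of infected hosts) is something a resolver operator can look for in its own lookup records. The following is an added example, not code from Schwartzman's article: it scores constructed passive-DNS-style observations and uses the /16 prefix as a stand-in for the hosting network (a real detector would use the announcing ASN).

```python
"""Fast-flux DNS heuristic over passive-DNS style observations.
Added example (not from the article): flags names that resolve, with very short
TTLs, to a large and changing set of addresses spread over many networks."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Dict, Iterable, List


@dataclass
class Observation:
    ts: int            # time of the lookup, seconds since epoch (constructed)
    name: str          # queried host name
    ttl: int           # TTL of the A records in the answer
    addrs: List[str]   # A records returned in that answer


def network16(addr: str) -> str:
    """Stand-in for 'hosting network': the /16 containing the address.
    A production detector would use the announcing ASN instead (assumption)."""
    return str(ip_network(f"{addr}/16", strict=False))


def summarize(observations: Iterable[Observation]) -> Dict[str, dict]:
    """Aggregate per name: distinct addresses and /16s, lowest TTL, and how
    often the returned address set changed between consecutive lookups."""
    per_name: Dict[str, dict] = defaultdict(lambda: {
        "addrs": set(), "nets": set(), "min_ttl": None, "answers": 0,
        "changes": 0, "last": None})
    for obs in sorted(observations, key=lambda o: o.ts):
        s = per_name[obs.name]
        current = frozenset(obs.addrs)
        if s["last"] is not None and current != s["last"]:
            s["changes"] += 1
        s["last"] = current
        s["answers"] += 1
        s["addrs"].update(obs.addrs)
        s["nets"].update(network16(a) for a in obs.addrs)
        s["min_ttl"] = obs.ttl if s["min_ttl"] is None else min(s["min_ttl"], obs.ttl)
    return dict(per_name)


def is_fast_flux(summary: dict, max_ttl: int = 300, min_addrs: int = 5,
                 min_nets: int = 3) -> bool:
    """All four signals together: short TTL, many addresses, many networks,
    and answers that actually rotate. Large CDNs can trip this too, so a
    real deployment pairs it with an allow-list of known CDN names."""
    return (summary["min_ttl"] is not None and summary["min_ttl"] <= max_ttl
            and len(summary["addrs"]) >= min_addrs
            and len(summary["nets"]) >= min_nets
            and summary["changes"] >= 1)


# Constructed observations using documentation address ranges (RFC 5737).
SAMPLE = [
    # flux.example: TTL 60, a fresh set of addresses from three networks each time
    Observation(1000, "flux.example", 60, ["192.0.2.10", "198.51.100.20", "203.0.113.30"]),
    Observation(1070, "flux.example", 60, ["192.0.2.11", "198.51.100.21", "203.0.113.31"]),
    Observation(1140, "flux.example", 60, ["192.0.2.12", "198.51.100.22", "203.0.113.32"]),
    # cdn.example: short TTL but the same two addresses in one network every time
    Observation(1000, "cdn.example", 60, ["192.0.2.100", "192.0.2.101"]),
    Observation(1070, "cdn.example", 60, ["192.0.2.101", "192.0.2.100"]),
    # static.example: one address, long TTL
    Observation(1000, "static.example", 3600, ["198.51.100.5"]),
    Observation(5000, "static.example", 3600, ["198.51.100.5"]),
]


def flagged_names(observations: Iterable[Observation]) -> List[str]:
    """Names that the heuristic marks as fast-flux candidates."""
    return sorted(n for n, s in summarize(observations).items() if is_fast_flux(s))


if __name__ == "__main__":
    for name, s in summarize(SAMPLE).items():
        print(f"{name:15} ttl={s['min_ttl']:5} addrs={len(s['addrs'])} "
              f"nets={len(s['nets'])} changes={s['changes']} flux={is_fast_flux(s)}")
```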

Monday, January 22, 2007
A public forum on the availability and robustness of electronic communications networks was held in Brussels, Belgium on 18 January 2007, as part of a study being conducted for the European Commission by Alcatel-Lucent's Bell Labs and professional services organizations. The study provides insights into the availability and security provisions of electronic communication networks and also makes recommendations to the Commission, Member States, and the private sector designed to enhance the security and resilience of these networks. The findings of the study will be presented at the multi-stakeholder dialogue in Europe, which will be attended by representatives of governments, industry, and users. Opening the dialogue will be speakers from the financial, electricity, and transport sectors, who will stress the importance of reliable communications in their operations.
This study follows a request from the European Council in June 2004 to prepare a critical infrastructure protection strategy for Europe, the adoption of a Green Paper on critical infrastructure protection in November 2005 (more information), and a proposal by the Commission for a European Programme on Critical Infrastructure Protection (EPCIP) in December 2006. In May 2006, the Commission adopted a Communication on a strategy for a secure Information Society - "Dialogue, partnership and empowerment" (COM(2006)251). This action was endorsed by the Council Resolution adopted on 11 December 2006.
See more information here.
In their paper "Spam Works: Evidence from Stock Touts and Corresponding Market Activity," Laura Frieder and Jonathan Zittrain examine the impact of spam that advertises stocks upon the trading activity of those stocks, how profitable such spamming might be for the spammer, and how harmful this behavior is to those who follow the advice in stock-touting e-mails. Using a large sample of touted stocks listed on the Pink Sheets quotation system, the authors offer evidence that the use of spam is affecting stock prices. In addition to an increase in transaction volume, spammers are achieving a 5% gain on the stock before they dump it. They also suggest that the effectiveness of this practice "calls into question the prevailing models of securities regulation that rely principally on the proper labeling of information and disclosure of conflicts of interest to protect consumers." In response, they propose several regulatory and industry interventions.
The paper can be found here.

Saturday, December 09, 2006
A ComputerWorld article describes Microsoft's battles with hackers: the software giant fights off more than 100,000 attacks every month.
[via Slashdot]

Monday, December 04, 2006
In conjunction with the Forum at ITU TELECOM WORLD 2006, 4-8 December in Hong Kong, China, ITU is organizing a one day event on 8 December entitled "Countering Spam Cooperation Agenda". Key international and regional organizations involved in the fight against spam will gather to discuss greater collaborative efforts to combat spam and related threats. The event is open to all ITU TELECOM WORLD 2006 participants.
See the full ITU Press Release for the event here.

Thursday, November 30, 2006
Splogs are blogs whose articles are fake, created only for spamming purposes. According to Technorati in its State of the Blogosphere, the number of blogs created in recent months has diminished, largely because "splogs" are now easier to detect. Blog search engines detect and delete most of the "splogs", but according to Technorati, 4% of the "splogs" still manage to get through the filters in place.
Despite "splogs", the blogosphere continues to grow. At the end of October 2006, 57 million blogs existed, 3 million more than in June 2006, and 55% were considered active (updated at least once in the last 3 months).
To read the full l'Expansion magazine article in French, click here.
According to the European Commission, EU member states are not doing enough to tackle the problems of spam, spyware and malicious software, despite the existing EU legislation. The implementation by EU members of this legislation is still a problem and Europe continues to suffer from illegal online activities from inside the EU and from third countries.
The Commission is now calling on all regulatory authorities and stakeholders in Europe to step up the fight against spam, spyware and malicious software and urging governments and industry to cooperate fully in this fight by applying proper filtering policies and assuring good online commercial practices. The Commission has also called for prosecution of those involved in illegal online activities. Because of the criminal and fraudulent trend in spam, and its cross border aspects, good cooperation and dialogue between the EU and third countries is essential to succeed in this fight. According to Viviane Reding, the Commissioner for Information Society and Media "it is time to turn the repeated political concern about spam into concrete actions to fight spam."
For more information, see the newly released Commission Communication.
Read also the SiliconRepublic article.

Saturday, November 18, 2006
The ITU-T Focus Group on Security Baseline for Network Operators has issued a survey that seeks to assess the security preparedness of network operators. The results of the survey will be used in preparing a new ITU-T Recommendation, "Security Baseline for Network Operators". Participants are asked about their level of preparedness for various security threats.
Once approved, the ITU-T Recommendation will show the readiness and ability of operators to collaborate and coordinate counteraction against security threats arising from interconnected networks. The Security Baseline will allow network operators to assess their network and information security posture in terms of what security standards are available, which of these standards should be used to meet particular requirements, when they should be used, and how they should be applied. It will also identify security Recommendations and standards to support evaluation of operators' network security and information security.
Work on the first draft of the Recommendation will begin towards the end of 2006.
See the online survey which is aimed at network and service providers.
A deadline of 24 November 2006 has been set for survey responses.

Wednesday, November 15, 2006
Researchers and IT managers are confirming that spam levels have been particularly high in the past month and that there are no signs of a decrease. This phenomenon is the result of a new generation of viruses and zombies that infect computers very quickly and are increasingly difficult to get rid of. Image-based spam is also to blame. Spammers now know how to represent words in an image so that they are recognizable only by the human eye, tricking anti-spam technologies and further increasing the negative effects of spam.
Read the full PC World article here.

Friday, November 10, 2006
The Asia Pacific Economic Cooperation (APEC), the EU Contact Network for Spam enforcement Authorities (CNSA), the International Telecommunication Union (ITU), the London Action Plan for Spam Enforcement (LAP), the Organisation for Economic Cooperation and Development (OECD), and the Seoul-Melbourne Anti-Spam group, six leading international anti-spam initiatives/organizations, launched at the United Nations Internet Governance Forum (IGF) in Athens, Greece, a new online information resource to assist stakeholders in their fight against spam.
This new website (http://www.stopspamalliance.org/) aims to help coordinate international action against spam more effectively and improve information sharing in this area. It will contain information on anti-spam laws and enforcement activities, consumer and business education, best practices for fighting spam, and international cooperation.
For further information, please visit http://www.stopspamalliance.org/
Read also the OECD news release for the launch of the StopSpamAlliance website.

Friday, November 03, 2006
Computer World reports on a new kind of spam called "targeted spam" or "spear phishing". This type of spam, currently on the rise, is particularly hard for spam filters to catch because the spammer "spoofs" the sending e-mail address to make it look as if the message comes from within the recipient's own organization. Unlike traditional spam, spammers send only a few of these messages at a time, making the anti-spam technology's job even harder.
These attacks mainly affect large organizations or very well-known brands. Once the company has been alerted, blocking the campaign is fairly easy, but detecting such well-crafted messages is becoming harder as the sophistication of spam increases.
For more information, read the full Computer World article.

Wednesday, November 01, 2006
According to a recent Forbes article, a new kind of spam is rapidly invading users' e-mail boxes: image spam.
To the human eye, image spam looks like regular junk e-mail, but for anti-spam software it is very hard to detect. Anti-spam programs usually scan messages for certain key phrases but do not analyze pictures, so the same words saved as an image file go undetected. Anti-spam technology is trying to adapt to this new phenomenon; for now, however, image spam is growing and is consuming much more bandwidth and storage space in consumers' e-mail boxes.
To read the full Forbes article, please click here.
For more information, see Secure Computing’s Report on Image Spam.
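The image-spam post above and the spear-phishing post of 3 November both describe mail that a keyword filter misses. The following is an added example, not code from either article: two complementary checks a receiving mail server could run, shown on constructed messages, assuming the organization's MX records its SPF verdict in an Authentication-Results header and that `corp.example` is the local domain.

```python
"""Two receiving-side heuristics for the mail described in the posts above
(added example, not from the articles): an image-only body, and a From: address
in our own domain that our MX did not verify (spoofed 'internal' sender)."""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from typing import List, Optional, Tuple

OUR_DOMAIN = "corp.example"   # constructed local domain


def text_and_image_volume(msg: EmailMessage) -> Tuple[int, int]:
    """(characters of text, bytes of image data) summed over the leaf MIME parts."""
    text_chars, image_bytes = 0, 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype.startswith("text/"):
            text_chars += len(part.get_content().strip())
        elif ctype.startswith("image/"):
            image_bytes += len(part.get_content())   # decoded payload
    return text_chars, image_bytes


def sender_domain(msg: EmailMessage) -> str:
    """Domain of the RFC 5322 From: address (what the recipient sees)."""
    _, addr = parseaddr(str(msg["From"] or ""))
    return addr.rpartition("@")[2].lower()


def spf_result(msg: EmailMessage) -> str:
    """SPF verdict our own MX wrote into Authentication-Results; 'none' if absent."""
    header = str(msg["Authentication-Results"] or "")
    m = re.search(r"\bspf=(\w+)", header, re.IGNORECASE)
    return m.group(1).lower() if m else "none"


def analyze(raw: str, our_domain: str = OUR_DOMAIN, min_text_chars: int = 80) -> List[str]:
    """Return the heuristics that fire for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings: List[str] = []
    text_chars, image_bytes = text_and_image_volume(msg)
    if image_bytes and text_chars < min_text_chars:
        findings.append("image-only body")
    if sender_domain(msg) == our_domain.lower() and spf_result(msg) != "pass":
        findings.append("internal sender without SPF pass")
    return findings


def _build(from_addr: str, subject: str, text: str, auth_results: str,
           image: Optional[bytes] = None) -> str:
    """Constructed sample messages, serialised so analyze() parses them like real mail."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = from_addr
    msg["To"] = "staff@corp.example"
    msg["Subject"] = subject
    msg["Received"] = "from unknown [203.0.113.7] by mx.corp.example; Wed, 1 Nov 2006 10:00:00 +0000"
    msg["Authentication-Results"] = auth_results
    msg.set_content(text)
    if image is not None:
        msg.add_attachment(image, maintype="image", subtype="gif", filename="offer.gif")
    return msg.as_string()


# Spoofed 'helpdesk' mail: almost no text, a GIF carrying the pitch, SPF failed.
SAMPLE_SPOOFED = _build(
    "IT Helpdesk <it-helpdesk@corp.example>", "Action required", "See image.",
    "mx.corp.example; spf=fail smtp.mailfrom=corp.example",
    image=b"GIF89a" + bytes(64))      # constructed stand-in for a real GIF

# Ordinary internal mail: real text, no image, SPF passed at our MX.
SAMPLE_LEGIT = _build(
    "Alice <alice@corp.example>", "Quarterly figures",
    "Hi team, the quarterly figures are now on the wiki page. Please review them "
    "before Friday's meeting and send any corrections to me.",
    "mx.corp.example; spf=pass smtp.mailfrom=corp.example")


if __name__ == "__main__":
    for label, raw in (("spoofed", SAMPLE_SPOOFED), ("legit", SAMPLE_LEGIT)):
        print(label, analyze(raw) or ["clean"])
```

Neither check alone is a verdict: newsletters legitimately ship images, and SPF fails on forwarded mail, so in practice both feed a score rather than a hard block.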
"In a sweeping set of measures, the German Federal Network Agency has ordered more than 80 network operators and service providers not to bill or collect for any phone numbers used illegally. A large number of consumers had complained to the German Federal Network Agency about so-called ping calls and other forms of telephone spamming."
"A ping call is where a call is made to a telephone number and broken off after just one ring. The subscriber’s display shows a “missed call” with an expensive premium-rate number or an 0137 number. In addition to these ping calls, another form of telephone spamming promises prizes where the person called hears a prerecorded message saying that they have won a large amount of money that can be collected by calling an expensive premium-rate number."
"The Federal Network Agency’s stringent measures are a continuation of the intense battle against telephone spam. Since May 2006 alone, the Federal Network Agency has disconnected 237 call numbers on account of ping calls and prize promises. In addition, a ban has been imposed on billing and collecting for 78 call numbers. These bans protect consumers that have called a spam number back, and prevents them from having to pay any charges. The spammer does not receive any payment for the calls initiated."
See the Federal Network Agency's press release here.

Friday, October 27, 2006
"Authentication processes can contribute to the protection of privacy by reducing the risk of unauthorized disclosures, but only if they are appropriately designed given the sensitivity of the information and the risks associated with the information. Overly rigorous authentication process, or requiring individuals to authenticate themselves unnecessarily, can be privacy intrusive."
The Office of the Privacy Commissioner of Canada recently released new Guidelines for Identification and Authentication. The Guidelines are intended to help organizations develop appropriate identification and authentication processes in ways that respect the fair information practices in the Personal Information Protection and Electronic Documents Act (PIPEDA) and ensure compliance with its security provisions by providing the strongest protection for customers' personal information. The scope of the document is limited to identification and authentication techniques between organizations and individuals.
These guidelines, released by the Canadian Privacy Commissioner, form a good document discussing both privacy risks and security threats.
See also a more detailed document published by Industry Canada in 2004 named "Principles for Electronic Authentication".
This article was accessed through Schneier's blog: Schneier on Security.

Wednesday, October 25, 2006
On 16 October 2006, Mauritius officially launched its Anti-Spam Awareness Campaign. On this occasion the Minister of IT and Telecommunications also presented a dedicated Anti-Spam Website with resources aimed at raising awareness and sharing information on spam, malware, etc.
In Mauritius, the spamming problem is growing in magnitude and there is a need for a concerted approach to address it. Without remedial action, the country runs the risk of being seen as a safe haven for spammers, and legitimate e-mail traffic from Mauritius to countries that have anti-spam legislation could be blocked. In this context, the National Computer Board has set up a National Anti-Spam Committee to co-ordinate activities at the national level with regard to combating spam.
The Anti-Spam Co-ordination Committee consists of representatives from the following national organisations: National Computer Board; IT Security Unit, Ministry of IT and Telecommunications; Ministry of Education and Human Resources; Ministry of Industry, Commerce, Small and Medium Enterprises and Cooperatives; Ministry of Foreign Affairs, International Trade and Cooperation Joint Economic Council; Mauritius Chamber of Commerce and Industry (MCCI); State Law Office; ICT Authority; Mauritius IT Industry Association; Internet Society; University of Mauritius (UOM); University of Technology; Telecom Plus/Mauritius Telecom ACT.
For further information see the newly launched Anti-Spam Website and Mauritius' Anti-Spam Action Plan.

Monday, October 23, 2006
The Journal du Net states in a recent article that organized cybercrime represents a growing risk for Internet users. Hackers use new techniques to hide themselves and make their attacks more efficient. Their main goal is not to destroy computers: with the rapid development of e-commerce, hackers want to take over personal data and make as much profit from it as they can.
To achieve this, they use different forms of worms or trojans sent from servers hosted in countries where legislation is less strict. To protect their economic interests, businesses need to include employees in their security policies so that they do not become the weak link in the security chain.
See Journal du Net for the full article in French.

Friday, October 20, 2006
Business Week Online shows in a recent article entitled "Needed: A National Cyber Security Law" that more and more people have their personal information lost, stolen or compromised. Security breaches are eroding their trust in the capability of the Internet to handle their private personal information. This growing confidence deficit represents a serious threat to the economic growth of each country, according to the article. Therefore, it is time for officials to act by passing strong data-security laws. These national laws must aim both to prevent further data breaches and to address leaks once they occur.
"To accomplish these goals, lawmakers should establish reasonable security measures, create a consistent and recognizable notification standard, encourage best practices such as encryption, and include effective enforcement capabilities".
See Business Week Online for the full article.
Computer World released an article entitled “Ten security trends worth watching”, based on Bruce Schneier’s speech at last month’s Hack in the Box Security Conference in Kuala Lumpur, Malaysia.
Mr. Schneier identified 10 trends affecting information security today:
- Information is more valuable than ever.
- Networks are critical infrastructure. "If the Net goes down, or part of the Net goes down, it really affects the economy".
- Users do not necessarily control information about themselves. For example, Internet service providers control the records of the Web sites that users visit and the e-mail messages they send and receive.
- Hacking is increasingly a criminal profession. More and more, attacks are organized and led by criminals who are driven by a profit motive.
- Complexity is your enemy. "As systems get more complex they get less secure". Mr. Schneier mentioned that the Internet is "the most complex machine ever built".
- Attacks are faster than patches. New vulnerabilities and exploits are being discovered faster than vendors can patch them.
- Worms are more sophisticated than ever.
- The endpoint is the weakest link. "It doesn't matter how good your authentication schemes are if the remote computer isn't trustworthy".
- End users are seen as threats.
- Regulations will drive security audits.
See Computer World for the full article.

Tuesday, October 17, 2006
Slashdot has an article that says "Researchers are finding it practically futile to keep up with evolving botnet attacks. 'We've known about [the threat from] botnets for a few years, but we're only now figuring out how they really work, and I'm afraid we might be two to three years behind in terms of response mechanisms,' said Marcus Sachs, a deputy director in the Computer Science Laboratory of SRI International, in Arlington, Va. There is a general feeling of hopelessness as botnet hunters discover that, after years of mitigating command and controls, the effort has largely gone to waste. 'We've managed to hold back the tide, but, for the most part, it's been useless,' said Gadi Evron, a security evangelist at Beyond Security, in Netanya, Israel, and a leader in the botnet-hunting community. 'When we disable a command-and-control server, the botnet is immediately re-created on another host. We're not hurting them anymore.' There is an interesting image gallery of a botnet in action as discovered by security researcher Sunbelt Software."

Tuesday, October 10, 2006
A recent BBC article shows how vulnerable XP Home really is. "Using a computer acting as a so-called 'honeypot' the BBC has been regularly logging how many potential net-borne attacks hit the average Windows PC every day. With a highly protected XP Pro machine running VMWare, the BBC hosted an unprotected XP Home system to simulate what an 'average' home PC faces when connected to the internet."
The majority of the incidents were merely nuisances. "Many were announcements for fake security products that use vulnerabilities in Windows Messenger to make their messages pop-up. Others were made to look like security warnings to trick people into downloading the bogus file." "However, at least once an hour, on average, the BBC honeypot was hit by an attack that could leave an unprotected machine unusable or turn it into a platform for attacking other PCs. Many of these attacks were by worms such as SQL.Slammer and MS.Blaster both of which first appeared in 2003. The bugs swamp net connections as they search for fresh victims and make host machines unstable. They have not been wiped out because they scan the net so thoroughly that they can always find another vulnerable machine to leap to and use as a host while they search for new places to visit."
Read the full BBC story.
This article was accessed through Slashdot.

Monday, October 09, 2006
Wired News, in a recent article, brings attention to the insecurity of some new online technologies. "VOIP and Ajax -- are dangerously insecure, and likely to only get worse as they become more prevalent, according to security researchers presenting their findings at the ToorCon security conference."
"Voice over internet protocol is going mainstream, available to consumers and increasingly replacing the private phone systems in businesses of all sizes. Like the traditional phone, a VOIP call is broken into two parts, or channels. The first is signaling, which negotiates things like when to start and stop a call, what to do if another call comes in, and what to do if something about the call changes. The second part is media, the bit where we talk. In most VOIP systems neither of these channels is actually encrypted."
"According to Dustin Trammell, VOIP security researcher at Tipping Point, this leaves most VOIP calls vulnerable. Calls can be hijacked without either party's knowledge anywhere along the route over the net that connects the call, and nearly all VOIP systems can fall victim to signal-channel attacks that can fake caller ID, degrade call quality, end calls suddenly, and crash the end device -- either your VOIP phone or computer. Internet telephony can even fall victim to denial-of-service attacks that flood a phone with fake requests to start a call, rendering it useless."
Read the full Wired News article on VOIP and AJAX security issues.

Wednesday, October 04, 2006
The European Commission has signed a contract with the consortium Equant/Hewlett Packard for the provision of the infrastructure replacing several data communication infrastructures at EU level. sTESTA (Trans European Services for Telematics between Administrations) is the European Union's classified telecommunication network and responds to the growing need for secure information exchange between European and national administrations.
In order to respond to the need for a telecommunication network serving multiple stakeholders in multiple policy areas, the European Commission, the European Council, Europol and the European Railway Agency have joined forces. The sTESTA framework contract was awarded following a jointly launched tendering procedure. This contract will allow European and National Administrations to exchange data within several policy areas in a secured and reliable way. Commission Vice President Günter Verheugen, responsible for enterprise and industry policy, said: "This initiative will make the EU’s electronic communication infrastructure considerably more efficient. It will enable us to better respond to the many challenges in the field of eGovernment, making our society more modern and safer."
Read more in the EC Press Release.

Tuesday, October 03, 2006
The United States National Cyber Security Alliance (NCSA), a consortium of government agencies and private industry sponsors, aims to educate the public about core security protections this October, during the national cyber security awareness month, with its campaign on 'Cyber Security: Make It A Habit'.
U.S. National Cyber Security Awareness Month is a national campaign designed to increase the public's awareness of cyber security and cyber crime issues, so that users can take precautions to avoid these threats on the Internet. The month will feature public relations activities, educational programs, events and initiatives throughout October that target home users, small businesses, education audiences (K-12 and higher education), and child safety online.
See the U.S. National Cyber Security Awareness Month 2006 website for further information on this collective effort aimed at protecting the public from Internet threats.
PhishTank is a collaborative clearing house for data and information about phishing on the Internet. PhishTank was launched by the people behind OpenDNS and will be used to dynamically block access to phishing sites. For more information, see their FAQ.

Thursday, September 28, 2006
A Strategic and Coordinated Approach Needed for Cybersecurity
In a recent GovTech article, the Cyber Security Industry Alliance (CSIA) calls for a more strategic and coordinated approach from the U.S. government to ensure the nation's cybersecurity.
CSIA’s Executive Director Paul Kurtz emphasized that "the level of attention given to securing our information infrastructure is inadequate considering the reliance of Americans on the nation’s cyber systems." "In testimony before the House Committee on Energy and Commerce's Subcommittee on Telecommunications and the Internet, Kurtz highlighted the importance of the nation's cyber systems, calling them the newest and most pervasive portion of our critical infrastructure, and discussed the federal government's role in its protection. At the core of CSIA's recommendations is the need for a Strategic National Information Assurance Policy that would outline the key roles that relevant government agencies should play in the protection of our cyber infrastructure."
"No single entity owns our information infrastructure and no single government agency is solely responsible for its protection." "While the Department of Homeland Security clearly plays a critical role, many other agencies share responsibility for the overall well being of our cyber systems," said Kurtz. "Yet the government has shown little strategic direction or leadership when it comes to ensuring the resiliency and integrity of our information infrastructure and the protection of the privacy of our citizens. This is baffling when one considers that nearly every service we use, from our communications and utility networks to our financial and medical systems, is in some way reliant upon our nation's digital networks." Kurtz called out the need for a cyber early warning system that provides the nation with situational awareness of attacks.
Read the full story here.

Tuesday, September 19, 2006
In a press release, Gartner, Inc. advises businesses to plan for five increasingly prevalent cyberthreats that have the potential to inflict significant damage on organisations during the next two years. These threats are:
- Targeted threats (Targeted threats are cyber attacks with a financial motivation that are aimed at one company or one industry);
- Identity theft (Identity theft refers to the theft of an individual's personal or financial information for the purpose of stealing money or committing other types of crimes);
- Spyware (Spyware is malicious software that can probe systems, reporting user behaviour to an advertiser or other party without the user’s knowledge);
- Social engineering (Social engineering is the practice of obtaining confidential information by manipulating legitimate users);
- Viruses (Viruses are malicious programmes that use a propagation method to enable widespread distribution.)
According to Amrit Williams, research director at Gartner, "We are seeing an increasingly hostile environment fuelled by financially motivated and targeted cyber attacks. By 2008 we expect that 40 percent of organisations will be targeted by financially motivated cybercrime."
"Cyber attacks are not new, but what is changing is the motivation behind them. They are no longer just executed by hackers for hobby or cybervandalism, but by professionals with a targeted aim at one person, one company or one industry," said Williams.
"For example, we have recently seen several companies hiring private investigators to spy on their competitors. Private investigators used Trojans to install targeted spyware on competitors’ computers to gather confidential information about such things as upcoming bids and customers."
Gartner said that social engineering and viruses will remain an everyday nuisance for chief information security officers through 2009. It warned that in the next two years, at least 50 percent of organisations will experience a social engineering or a virus attack.
Access the full report and Gartner news release here.

Friday, September 15, 2006
Business Communications Review has an article entitled The Botnet Threat reviewing a recent report put out by Arbor Networks, which surveyed ISPs about their biggest security concerns.
"When they surveyed 55 ISPs, McPherson and Labovitz discovered that distributed denial of service attacks, and the related threat of botnets, remain the biggest security problem that ISPs face. Together, these two elements were named as the top threat by 77 percent of respondents. "Brute-force attacks remain the most predominant attack type on the Internet today," the authors write.
The largest sustained attack reported by the survey respondents was a whopping 17 Gbps; a UDP flood of 22 million packets per second (pps) and a SYN flood of 14 million pps have also been reported. "The magnitude of these attacks is incredible when you consider that a 14 Mpps SYN flood can nearly fill an entire OC-192 (10 Gbps) circuit with a minimum packet size," McPherson and Labovitz write. "Any one of these attacks, or even a fraction thereof, can create significant pain for even the largest ISP networks in the world today."
The report also cites what the authors call "a new and disturbing observation" made by one respondent: Not only are botnets highly organized and "uniformly gargantuan," but there's an increasing amount of marketing of these botnets. ("Blast your affiliate numbers overnight!" is a typical pitch they report seeing.)"

Thursday, September 14, 2006
InfoWorld reports that the U.S. Department of Homeland Security has released the findings of Operation Cyber Storm, a large-scale simulation of combined cyber-physical attacks on U.S. critical infrastructure.
"The U.S. Department of Homeland Security (DHS) released its public findings from Operation Cyber Storm, a large-scale tabletop simulation of a coordinated cyber attack on the government and critical infrastructure that was held in February, 2006. The exercise involved US-CERT, the Homeland Security Operation center as well as the National Cyber Response Coordination Group (NCRCG) and the Interagency Incident Management Group (IIMG), various ISACs from the transportation, energy, IT and telecommunications sectors, and 100 private sector companies." "The exercise simulated a large-scale cyber campaign that disrupts multiple critical infrastructure, as well as simulated "physical demonstrations and disturbances" to test the ability of government to respond to multiple incidents simultaneously, even when it's not clear that the events are related (read: 9/11)."
From the article: According to DHS, "observers noted that players had difficulty ascertaining what organizations and whom within those organizations to contact when there was no previously established relationship or pre-determined plans for response coordination and risk assessments/mitigation. There was a general recognition of the difficulties organizations faced when attempting to establish trust with unfamiliar organizations during time of crisis."
Read the InfoWorld article here.
See the DHS press release on Operation Cyber Storm.
This article was accessed via Slashdot.

Thursday, September 07, 2006
A select committee has recommended a major change to New Zealand's anti-spam bill, suggesting that anyone should be able to send unsolicited e-mails of an entirely non-commercial nature and need not desist even if asked to do so by the recipient. The original anti-spam bill said that organisations that sent unsolicited e-mails to promote their aims or ideals - such as school newsletters and messages from political lobbyists - would fall foul of the spam bill if they did not stop sending messages when asked to do so by recipients who "opt out". The select committee dropped this requirement in amendments it proposed in early September 2006.
The proposed amendments also drop the legal requirement that spam be reported to a customer's Internet service provider before Internal Affairs could take action. Other proposed amendments eliminate the distinction between e-mails whose prime purpose is commercial and ones that are primarily promotional but contain a commercial element, and lift a ban on possessing or supplying e-mail harvesting software, but ban New Zealanders from using such software to send spam.
This news item was retrieved through the APCAUCE Newslog.
The full article is available at stuff.co.nz.

Tuesday, August 22, 2006
On 5 May 2006, France and Japan signed a joint statement within the framework of a coordinated international action to fight spam. In particular, the two countries intend to exchange information and good practices in the field of anti-spam policies and strategies.
The French Direction du Developpement des Medias (DDM) has more information on their website.
See other spam-related articles on the OECD Task Force on Spam website

Friday, August 18, 2006
The Vietnamese Ministry of Trade is drafting a circular governing advertising activities by electronic means, including emails, pop-ups and mobile phone messages.
"Local Internet users have been bombarded with spam mail, but most of it is from overseas. Now such a circular is necessary as local spamming activities are on the rise.
The circular has basic requirements for users to fight spam such as opt-out options, genuine sender addresses, sender telephone numbers and obvious headings. But it seems that the draft circular is too lenient towards spammers when it provides them five working days before they have to stop their spam in case recipients choose to opt out. It also allows for the collection of personal data including email addresses and telephone numbers. Even though the circular requires collecting parties to ask for permission first and to keep those data confidential, this provision can be abused and can cause disputes later on.
This is all the more possible because the circular provides two scenarios: A complete ban of sales of email addresses and telephone numbers to advertisers; or allowing such an activity. Unsolicited short mobile messages are now possible because some carriers are selling subscribers’ numbers to various advertising companies. Users are especially frustrated when senders use some automatic message generation device so that they might receive an advertising message in the middle of the night.
The fines provided in the draft circular are from VND5 million to VND20 million, which many say are not heavy enough to prevent harmful violations of personal information."
[via APCAUCE and Viet Nam News]

Friday, August 11, 2006
"As cell phones and PDAs become more technologically advanced, attackers are finding new ways to target victims. By using text messaging or email, an attacker could lure you to a malicious site or convince you to install malicious code on your portable device."
US-CERT (the United States Computer Emergency Readiness Team) recently published a list of tips on how users can protect themselves against these growing threats.
What unique risks do cell phones and PDAs present?
Most current cell phones have the ability to send and receive text messages. Some cell phones and PDAs also offer the ability to connect to the internet. Although these are features that you might find useful and convenient, attackers may try to take advantage of them. As a result, an attacker may be able to accomplish the following:
- Abuse your service;
- Lure you to a malicious web site;
- Use your cell phone or PDA in an attack;
- Gain access to account information.
What can you do to protect yourself?
- Follow general guidelines for protecting portable devices;
- Be careful about posting your cell phone number and email address;
- Do not follow links sent in email or text messages;
- Be wary of downloadable software;
- Evaluate your security settings.
Read the full article on the U.S. CERT website.

Thursday, August 03, 2006
The top three antivirus programs -- from Symantec, McAfee, and Trend Micro -- are less likely to detect new viruses and worms than less popular programs, because virus writers specifically test their work against those programs:
"On Wednesday, the general manager of Australia's Computer Emergency Response Team (AusCERT), Graham Ingram, described how the threat landscape has changed -- along with the skill of malware authors.
"We are getting code of a quality that is probably worthy of software engineers. Not application developers but software engineers," said Ingram.
However, the actual reason why the top selling antivirus applications don't work is that malware authors are specifically testing their Trojans and viruses to make sure they can bypass these applications before releasing them in the wild.
It's interesting to watch the landscape change, as malware becomes less the province of hackers and more the province of criminals. This is one move in a continuous arms race between attacker and defender."
[via Schneier on Security]
In separate reporting on the Black Hat USA conference, experts say that the spyware problem has "gotten so bad that it is unlikely it can ever be solved on a technical level. Instead, the solution will have to come from regulators and law enforcement agencies".
"It's not technically feasible to stop spyware. You will not be able to stop this technically. This problem lives at the legal-technical boundary. We can't go around arresting people," said Dan Kaminsky, senior security researcher and founder of Seattle-based Doxpara Research, speaking on a spyware panel at the recent Black Hat USA 2006 event. "We need to create standards that clearly delineate legitimate code from illegitimate code where you throw people in jail."

Wednesday, July 26, 2006
"To protect Internet users from online fraudsters and defend the Internet against scammers commandeering network resources, the two most influential global trade associations combating Internet crime have jointly released an explicit new set of Best Practices to combat "phishing," a major cause of online identity theft and fraud. The recommendations will help Internet Service Providers (ISPs) and mailbox providers better police their own infrastructures and filter traffic traversing their networks."
The Anti-Phishing Working Group (APWG) and the Messaging Anti-Abuse Working Group (MAAWG) jointly developed the recommendations outlined in "Anti-Phishing Best Practices for ISPs and Mailbox Providers." "The paper provides technical and business practices to help ISPs and mailbox providers thwart phishing attacks and other malevolent network abuses and also includes practices to respond constructively when these attacks occur. "Phishing" employs deceptive technology such as spoofing and social engineering to steal consumers' personal identity and financial account data, and has become a major concern."
To download the full recommendations, click here.

Tuesday, July 18, 2006
The Secretary-General of the United Nations has announced the convening of the Internet Governance Forum, to be held in Athens on 30 October - 2 November 2006.
The Secretary-General's message is available in all UN languages: [English] [Français] [中文] [عربي] [Русский] [Español]. The message in English reads:
"The second phase of the World Summit on the Information Society (WSIS), held in Tunis on 13-15 November 2005, invited me to convene a new forum for multi-stakeholder policy dialogue -- called the Internet Governance Forum (IGF). The Summit asked me to convene the Forum by the second quarter of 2006 and to implement this mandate in an open and inclusive process.
The Government of Greece made the generous offer to host the first meeting of the IGF and proposed that it take place in Athens on 30 October - 2 November 2006.
I have asked my Special Adviser for Internet Governance, Mr. Nitin Desai, to assist me in the task of convening the IGF and I have also set up a small secretariat in Geneva to support this process. Two rounds of consultations open to all stakeholders held in Geneva on 16-17 February and 19 May have contributed towards a common understanding with regard to the format and content of the first IGF meeting. I have also appointed an Advisory Group with the task of assisting me in preparing the IGF meeting.
The Advisory Group held a meeting in Geneva on 22 and 23 May 2006 and made recommendations for the agenda and the programme, as well as the structure and format of the first meeting of the IGF in Athens.
As the IGF is about the Internet, it is appropriate to make use of electronic means of communication to convene its inaugural meeting. The document adopted by WSIS -- the Tunis Agenda for the Information Society -- calls on me "to extend invitations to all stakeholders and relevant parties to participate at the inaugural meeting of the IGF". Therefore, it is my pleasure to make use of the World Wide Web to invite all stakeholders -- governments, the private sector and civil society, including the academic and technical communities, to attend the first meeting of the IGF in Athens. The overall theme of the meeting will be "Internet Governance for Development". The agenda will be structured along the following broad themes.
- Openness - Freedom of expression, free flow of information, ideas and knowledge
- Security - Creating trust and confidence through collaboration
- Diversity - Promoting multilingualism and local content
- Access - Internet Connectivity: Policy and Cost
Capacity-building will be a cross-cutting priority.
The meeting will be open for all WSIS accredited entities. Other institutions and persons with proven expertise and experience in matters related to Internet governance may also apply to attend.
In its short life, the Internet has become an agent of dramatic, even revolutionary change and maybe one of today's greatest instruments of progress. It is a marvelous tool to promote and defend freedom and to give access to information and knowledge. WSIS saw the beginning of a dialogue between two different cultures: the non-governmental Internet community, with its traditions of informal, bottom-up decision-making; and the more formal, structured world of governments and intergovernmental organizations. It is my hope that the IGF will deepen this dialogue and contribute to a better understanding of how we can make full use of the potential the Internet has to offer for all people in the world.
(Signed) Kofi A. Annan"
[via the Internet Governance Forum]

Tuesday, July 11, 2006
In a new scam, called vishing, identity thieves use bogus phone numbers instead of Web sites, reports PC World in a recent article featuring phishing scams on VoIP phones.
"Related to phishing scams, the new scheme uses cheaply obtained VoIP numbers as bogus credit card or financial services telephone numbers", the article continues. "With Internet users being warned about clicking on hyperlinks in unsolicited e-mail, the new scam includes a phone number instead". "It's a natural elevation of the art to move it to the telephone. People are getting nervous about clicking on links", the article states.
The article gives examples of how these new scams take place: "In one vishing case, scammers targeted PayPal users by including a telephone number in a spam e-mail. In the other case, the criminals configured an automatic telephone dialer to dial phone numbers, and when the phone was answered, played an automated recording saying their credit card has had fraudulent activity. The recording asked the telephone customer to call a number with a spoofed caller ID related to the credit card issuer. Once users call, they are asked for personal account information."
VoIP numbers are easy to obtain anonymously, but an industry expert interviewed for the story did not fault VoIP providers for vishing scams. "A larger problem is the ease of obtaining credit online or over the telephone. Consumers are comfortable with obtaining credit online or by dialing automated telephone services to get credit, but if credit-granting businesses required physical contact, phishing and vishing scams would be almost eliminated. In today's environment, it's absurd," the expert said.
Read the full article on the PC World news website.
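Because the lure in this scheme is a telephone number rather than a hyperlink, a mail filter keyed only on suspicious URLs never fires. The following added example (written for this entry; it is not code from the PC World article or from any vendor) scores a message on the combination of a call-back number, a financial brand, credential or urgency wording, and the absence of any link. The two sample messages, the phrase lists, the brand list and the threshold are all constructed for the example and would be replaced by an operator's own data.

```python
import re

# North American style number: optional +1, then 3-3-4 digits with common separators.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)
# Constructed lure vocabulary: credential requests and urgency.
LURE_RE = re.compile(
    r"\b(verify|confirm|suspend(?:ed)?|fraudulent|unauthori[sz]ed|"
    r"account (?:information|details)|call (?:us|this number) immediately)\b",
    re.IGNORECASE,
)
# Constructed brand list standing in for the brands an operator actually protects.
BRAND_RE = re.compile(r"\b(paypal|visa|mastercard|bank|credit card)\b", re.IGNORECASE)

# Constructed sample messages for this example (not real mail).
VISHING_SAMPLE = (
    "Dear PayPal customer, we detected fraudulent activity on your account. "
    "Your account has been suspended. To verify your account information, "
    "call 1-800-555-0147 within 24 hours."
)
BENIGN_SAMPLE = (
    "Hi team, the quarterly report is attached; see https://intranet.example/reports "
    "for last quarter's figures. Reach me at (206) 555-0199 if anything is unclear."
)


def score_vishing(text):
    """Return (score, reasons) for one message body. Each indicator adds one
    point; a score of 3 or more is treated as a vishing lure."""
    score, reasons = 0, []
    phones = PHONE_RE.findall(text)
    lures = sorted({m.lower() for m in LURE_RE.findall(text)})
    if phones:
        score += 1
        reasons.append("call-back number present: " + phones[0])
    if lures:
        score += 1
        reasons.append("credential/urgency wording: " + ", ".join(lures))
    if BRAND_RE.search(text):
        score += 1
        reasons.append("financial brand referenced")
    if phones and not URL_RE.search(text):
        # The defining trait of vishing mail: the number replaces the link,
        # so URL-based filters see nothing to block.
        score += 1
        reasons.append("number offered instead of a link")
    return score, reasons


def is_vishing(text, threshold=3):
    return score_vishing(text)[0] >= threshold


def triage(messages, threshold=3):
    """Return the indexes of the messages that meet the threshold."""
    return [i for i, m in enumerate(messages) if is_vishing(m, threshold)]
```

The scoring deliberately gives a point to "number but no link" on its own, since that is exactly the pattern link-based filters were tuned to ignore; a benign internal note with a phone number and an intranet link scores one point and passes. In practice the brand list would be backed by the genuine customer-service numbers each brand publishes, so that a message quoting a number that does not belong to the brand it names can be flagged outright.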

Thursday, June 29, 2006

Tuesday, June 27, 2006
Anti–spam legislation for the Cayman Islands is being considered by the Information and Communications Technology Authority.
The ICTA is now seeking input through a public consultation campaign. The goal is to ensure that any anti-spam legislation enacted in the Cayman Islands is an effective tool as part of a multi-pronged attack on spam.
More information can be found here.
Australia's Department of Communications, Information Technology and the Arts has conducted a legislative review of the Spam Act.
The review is required by legislation to assess the operation of the Spam Act after two years of its operation. The Department prepared a report based on the submissions received. The Minister tabled the report in Parliament on 22 June 2006.
The Minister’s press release is available here.
More information can be found here.

Friday, June 23, 2006
The Ministry of Information Industry (MII), the Internet Society of China (ISC) and the China Communications Standards Association (CCSA) launched a national anti-spam campaign on June 21, reports Nanfang Daily. An insider at ISC said MII has set up a hotline at 01-12321 for spam-related tip-offs and is preparing to send out one million anti-spam notices.
The report said that professional training will be offered for 1,000 email administrators and that 20,000 anti-spam volunteers will be recruited.
This news item was accessed through Slashdot Newslog.

Wednesday, June 21, 2006
The United Kingdom's Ofcom is currently working on a publication examining various national and international approaches to protecting consumers on the internet.
Coinciding with this publication, the regulator will hold a seminar that will allow stakeholders to examine the results of Ofcom's survey, hear the views of Internet industry stakeholders and discuss what can be done in the future to better protect consumers on the Internet. Ofcom organising such an event is a measure of the challenge posed to both regulator and consumer by the growth of net services and the collision of the highly regulated world of broadcasting with the virtually unregulated world of the internet.
This news item was accessed through Roger Darlington's CommsWatch blog.

Thursday, June 15, 2006
According to a recently released CircleID article, the United Kingdom today is one of the main targets of organised phishing crime groups worldwide. Globally, CircleID estimates that phishing damages will amount to about two billion USD in 2006, not counting risk management costs such as preventative measures, counter-measures, incident response and PR damage.
In most cases phishing succeeds through the users' own mistakes: entering the wrong web page, not keeping their computers secure, or falling for cheap scams. Often this is due to a lack of awareness or skill in Internet use rather than to incompetence.
For more information see CircleID article on Phishing: Competing on Security.

Tuesday, June 13, 2006
A news release by the Japanese MIC announces the signing of a "Joint Statement between France and Japan, Concerning Cooperation in the Field of Anti-spam Policies and Strategies".
Particular areas of cooperation will include:
- Exchanging information about anti-spam activities such as anti-spam policies and strategies, as well as technical and educational solutions to spam, including mobile spam;
- Encouraging the adoption of effective anti-spam technologies and network management practices by French and Japanese Internet service providers and major business network managers, and further cooperation between government and private sectors;
- Supporting French and Japanese marketers or bulk email senders in adopting spam-free marketing techniques;
- Identifying and promoting user practices and behaviours which can effectively control and limit spam and supporting the development of public relations and awareness campaigns for the multi-stakeholders to foster increased adoption of anti-spam practices and behaviours by end users in France and Japan;
- Cooperating to strengthen anti-spam initiatives being considered in international fora.
More information can be found here.
[Via APCAUCEWiki News]
Microsoft today gave the world a rare - albeit conservative - glimpse of its view on just how bad the virus and bot problem has gotten for Windows users worldwide.
The data comes from 15 months' worth of experience scanning computers with its "malicious-software removal tool," a free component that Microsoft offers Windows XP, Windows 2000 and Windows Server 2003 users when they download security updates from Microsoft.
More information can be found here.

Friday, June 02, 2006
Do not panic if your data is hidden by virus writers demanding a ransom. A woman from Greater Manchester has become a victim of an internet scam in which hackers hijack computer files and blackmail owners to get them back.
More information can be found here.

Thursday, June 01, 2006
Study Group 17 Questionnaire on information about experiences on the use of IDN
"The World Telecommunication Standardization Assembly (Florianópolis, 2004) in Resolution 48 instructed Study Group 17 (Security, languages and telecommunication software) to study Internationalized Domain Names (IDN). The belief is that IDN implementation will contribute to easier and greater use of the Internet in those countries where the native or official languages are not represented in ASCII characters.
To assist this plan, Question 16/17 (Internationalized Domain Names) has been brought into being and tasked with investigating all relevant issues in the field of IDNs.
To recognize national, regional and international issues concerning IDNs, Study Group 17 prepared a questionnaire (see Annex 1) on information about experiences on the use of IDNs.
The objective of this questionnaire is to collect information and experiences on Internationalized Domain Names under ccTLD (country code Top Level Domain) around the globe. This will help identify Member States’ needs and practices concerning this subject. This information will serve to prepare a report on the implementation of IDNs and facilitate future work on IDN within Study Group 17.
If there are two or more ccTLDs in the responder's Member State, please complete separate answer sheets for each, unless they have exactly the same answers.
If the Member State is not responsible for the ccTLD, please forward the questionnaire to the concerned body."

Tuesday, May 30, 2006

Monday, May 22, 2006
The April MessageLabs Intelligence Report includes analysis of the threat landscape during the first quarter of 2006. Overall, threat levels remained largely stable compared with previous months, with the U.S. continuing to be the largest source of malware, spam and phishing attacks, hosting 18.1 percent of the world's compromised (zombie) computers in the first quarter of 2006 (down from a high of 44 percent in Q2 2005).
More information can be found here.
Use the Internet at home and you have a 1-in-3 chance of suffering computer damage, financial loss, or both because of a computer virus or spyware that sneaks onto your computer. That's one of the unsettling conclusions from the 2005 Consumer Reports State of the Net survey of online consumers.
More information can be found here.

Thursday, May 18, 2006
In a press release today, ITU announced a global opinion survey to assess trust of online transactions and awareness of cybersecurity measures. The survey was conducted by ITU in conjunction with World Telecommunication Day, celebrated on 17 May to commemorate the founding of ITU in 1865. The theme chosen this year — Promoting Global Cybersecurity — aims to highlight the serious challenges of ensuring the safety and security of networked information and communication systems.
The announcement of the results of the survey coincides with the launch of an ITU Cybersecurity Gateway portal. The portal is a global online reference source of national cybersecurity initiatives and websites around the world and provides an integrated platform for sharing cybersecurity related information and resources. Presenting information tailored to four specific audiences: citizens, businesses, governments, and international organizations, the portal also provides information resources on topical cybersecurity concerns such as spam, spyware, phishing, scams and frauds, worms and viruses, denial of service attacks, etc.
With thousands of links to relevant materials, ITU intends to constantly update the portal with information on cybersecurity initiatives and resources gathered from contributors around the globe. For example, a number of countries are now ramping up national critical information infrastructure protection (CIIP) programmes and sharing information on these initiatives through the portal can assist both developed and developing economies in promoting global cybersecurity.
These efforts highlight work being carried out as follow-up to the World Summit on the Information Society (WSIS) Action line C5 dealing with "Building confidence and security in the use of ICT", for which ITU is the facilitator/moderator.
Update: UN Secretary-General Kofi Annan has made the following statement in conjunction with World Telecommunication Day giving his perspectives on promoting global cybersecurity.

Wednesday, May 17, 2006
The European Commission has launched a public consultation on RFID, with a view to developing a coherent RFID policy for Europe. To prepare for the consultation, the Commission is organising a series of five workshops between March and June 2006, in which experts and stakeholders from all over Europe and the world come together to debate the key issues.
ITU's Lara Srivastava spoke at the first workshop (6-7 March 2006), and also at the third workshop in the series held 16-17 May 2006 on "RFID Security, Data Protection & Privacy, Health and Safety Issues" (see the presentation here). The Policy Framework Paper written by the Commission in advance of the meeting highlighted the vision of the ITU's 2006 Internet Report on "The Internet of Things" released in November 2005.
Two more workshops are planned in early June, after which the Commission will open up the debate for a wider on-line public consultation, resulting in a Communication on RFID to be issued later this year.
For more information, including webcasts, see the European Commission RFID Consultation Website.

Thursday, May 11, 2006
The Security Assertion Markup Language (SAML) and the Extensible Access Control Markup Language (XACML), authored by OASIS (Organization for the Advancement of Structured Information Standards), have been consented (approved) as internationally recognised ITU-T Recommendations. The announcement is the first result of the formal relationship between the standardization sector of ITU and OASIS.
The standards (ITU-T Recommendations X.1141 (SAML) and X.1142 (XACML)) address how to provide secure single sign-on, a system that enables a user to authenticate once and gain access to the resources of multiple software systems. While solutions existed in this space, all were proprietary and therefore did not address the problem on a global level.
SAML and XACML are designed to control access to devices and applications on a network. The need for standards in this area has become more pressing as business networks increasingly use the public Internet.
SAML addresses authentication and provides a mechanism for transferring authentication, attribute and authorization-decision statements between cooperating entities; XACML uses this information to determine access to resources, focusing on the policy language and the mechanism for arriving at those authorization decisions.
An additional feature of SAML is that it allows organizations to exchange this information without any change to their own internal security architectures.
[via ITU-T Newslog]
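To make the division of labour between the two standards concrete, the following added example (written for this entry; it is not code from OASIS, ITU-T or the Recommendations themselves) parses a constructed SAML 2.0 assertion, applies the checks a relying party must make before trusting it (validity window, audience restriction, presence of an authentication statement), and feeds the resulting subject attributes into a small XACML-style policy decision point that uses a deny-overrides combining rule. The assertion text, the policy rules, the issuer and service-provider URLs and the resource/action names are assumptions invented for the example, and the policy is a Python structure rather than real XACML XML. XML signature verification is omitted here and is mandatory in any real deployment.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not a real IdP's output): the hypothetical
# idp.example has authenticated "alice" for the service provider sp.example.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_abc123" Version="2.0" IssueInstant="2006-05-11T10:00:00Z">
  <saml:Issuer>https://idp.example/</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2006-05-11T10:00:00Z" NotOnOrAfter="2006-05-11T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example/</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2006-05-11T09:59:58Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="department"><saml:AttributeValue>finance</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_iso(ts):
    """SAML timestamps are UTC; parse the 'Z' form used above."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def consume_assertion(xml_text, audience, now):
    """Return the subject's attributes if the assertion is valid for `audience`
    at time `now`; raise ValueError otherwise. Signature checking is NOT done
    here and must precede these checks in real code."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("not a SAML assertion")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("missing Conditions")
    # NotBefore is inclusive, NotOnOrAfter is exclusive.
    if not (parse_iso(cond.get("NotBefore")) <= now < parse_iso(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        raise ValueError("assertion not intended for this audience")
    if root.find("saml:AuthnStatement", NS) is None:
        raise ValueError("no authentication statement")
    attrs = {"subject": root.findtext("saml:Subject/saml:NameID", namespaces=NS)}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = attr.findtext("saml:AttributeValue", namespaces=NS)
    return attrs


# Simplified XACML-style policy (a hypothetical example, not real XACML):
# each rule has a target of attribute equalities that must all hold, and an
# effect. Combining algorithm: deny-overrides.
POLICY = [
    {"target": {"department": "finance", "resource": "ledger", "action": "read"}, "effect": "Permit"},
    {"target": {"role": "staff", "resource": "ledger", "action": "write"}, "effect": "Deny"},
    {"target": {"role": "admin", "resource": "ledger", "action": "write"}, "effect": "Permit"},
]


def decide(policy, request):
    """Evaluate a request (subject attributes plus resource and action) with
    deny-overrides: any applicable Deny wins, else Permit if any rule applies,
    else NotApplicable, which the enforcement point must treat as a refusal."""
    effects = [r["effect"] for r in policy
               if all(request.get(k) == v for k, v in r["target"].items())]
    if "Deny" in effects:
        return "Deny"
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"


def authorize(assertion_xml, audience, now, resource, action):
    """SAML consumer followed by XACML-style decision, end to end."""
    attrs = consume_assertion(assertion_xml, audience, now)
    return decide(POLICY, {**attrs, "resource": resource, "action": action})
```

Two points of the split are visible here: the SAML side only says who the subject is and what attributes the issuer vouches for, while every access outcome comes from the policy side, and an outcome of NotApplicable is as much a refusal as Deny. What real SAML profiles add on top of this skeleton is signature verification of the assertion, replay protection by remembering assertion IDs until they expire, and binding the assertion to the request the service provider originally sent.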

Friday, May 05, 2006
Singapore’s mobile users – 99.8% of Singapore’s population, according to the Infocomm Development Authority’s (IDA) February 2006 stats – will have more protection against mobile spam in the future. IDA has put its foot down on this issue, warning of “swift enforcement” of penalties should mobile operators continue to fail to resolve mobile spam issues satisfactorily.
A strong warning letter was sent to SingTel, StarHub and M1, the three mobile operators in Singapore. In addition, IDA decided to make an example of errant content provider mTouche in the highly publicised mTouche spam case. Between 30 January and 5 February this year, 300,000 mobile end users were billed S$1 for unsolicited SMSes sent by mTouche through the three telcos.
More information can be found here.
China has introduced regulations that make it illegal to run an email server without a licence. The new rules, which came into force two weeks ago, mean that most companies running their own email servers in China are now breaking the law. The new email licensing clause is just a small part of a new anti-spam law formulated by China's Ministry of Information Industry (MII).
The impact on corporate email servers, which are commonly used by companies with more than a handful of employees, appears to have gone unnoticed until now. However, Singapore-based technology consultant, James Seng, who first drew attention to the new email licence requirement, believes the inclusion of the prohibition on mail servers is no accident.
More information can be found here.

Thursday, May 04, 2006
The "Survey on Industry Measures taken to comply with National Measures implementing Provisions of the Regulatory Framework for Electronic Communications relating to the Security of Services" conducted by the Technical Department of ENISA, Section Security Policies is available here.
The US Federal Communications Commission today adopted a Second Report and Order and Memorandum Opinion and Order (Order) that addresses several issues regarding implementation of the Communications Assistance for Law Enforcement Act (CALEA), enacted in 1994. Among other things, the Order affirms that the CALEA compliance deadline for facilities-based broadband Internet access and interconnected VoIP services will be May 14, 2007, as established by the First Report and Order in this proceeding. The Order concludes that this deadline gives providers of these services sufficient time to develop compliance solutions, and notes that standards development for these services is already well underway. Further details and background are available in the FCC news release and in the statements by individual FCC commissioners.

Wednesday, May 03, 2006
"As the International Telecommunication Union (ITU) prepares to celebrate this year's World Telecommunication Day, Nigerian experts on information communications technology, mobile telecommunication firms and industry regulators will converge in Abuja to brainstorm on the strides the nation had taken in the sector over the last couple of years and take stock on the level at which the government and the citizenry have embraced the new technologies as a tool for economic and social development."
"In keeping with the theme of this year's celebration - 'Promoting Global Cybersecurity' - an international symposium has been scheduled to be held (in Abuja) where issues such as internet governance, financing of ICT development and universal access to the information superhighway will be discussed."
"Experts and technocrats will also compare notes on the theories and realities of Information Communication Technology in terms of achieving the Millennium Development Goals in Nigeria. The symposium is also expected to explore avenues of strengthening bilateral and multilateral development and economic cooperation for ICT expansion in Nigeria."
For the full story featured in This Day Online and shared through All Africa.com, click here.

Monday, May 01, 2006
A new wave of spam could be on the way that tricks recipients by looking like it’s a message sent from their friends' e-mail address. This sort of spam would bypass even those filters that currently weed out 99% of the bad stuff, says John Aycock, an assistant professor of computer science at the University of Calgary.
Aycock and student Nathan Friess conducted research and wrote a paper dubbed "Spam Zombies from Outer Space" to show that generating such customized spam -- such as in the form of e-mail replies -- would not be too difficult, as has been assumed in the past. Spammers have leaned toward bulk e-mail generation that is less customized.
More information can be found here.

Friday, April 28, 2006
In a press release, the European Commission has indicated its views on follow-up to the international policy commitments made at WSIS:
To keep up the momentum of the successful World Summit on Information Society (Tunis, 16-18 November 2005), the European Commission has set out today its priorities for implementing the international policy commitments made at the Summit. These priorities include safeguarding and strengthening human rights, in particular the freedom to receive and access information. Information and communication technologies (ICTs) should be used to contribute to open democratic societies and to economic and social progress worldwide. The Commission calls for continuing international talks to improve Internet governance through the two new processes created by the Summit: the multi-stakeholder Internet Governance Forum and the mechanism of enhanced cooperation that will involve all governments on an equal footing.
The EC has also issued a FAQ on Internet Governance.

Thursday, April 27, 2006
Via Schneier on Security comes news of a Kaspersky Labs report on extortion scams using malware:
We've reported more than once on cases where remote malicious users have moved away from the stealth use of infected computers (stealing data from them, using them as part of zombie networks etc) to direct blackmail, demanding payment from victims. At the moment, this method is used in two main ways: encrypting user data and corrupting system information.
Users quickly understand that something has happened to their data. They are then told that they should send a specific sum to an e-payment account maintained by the remote malicious user, whether it be EGold, Webmoney or whatever. The ransom demanded varies significantly depending on the amount of money available to the victim. We know of cases where the malicious users have demanded $50, and of cases where they have demanded more than $2,000. The first such blackmail case was in 1989, and now this method is again gaining in popularity.
In 2005, the most striking examples of this type of cybercrime were carried out using the Trojans GpCode and Krotten. The first of these encrypts user data; the second restricts itself to making a number of modifications to the victim machine's system registry, causing it to cease functioning.
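The report above describes the data-encrypting variant (GpCode) only in outline. As an added example, not taken from the Kaspersky report or this page, the following Python heuristic spots files that a Trojan of that kind has overwritten with ciphertext: properly encrypted data is statistically close to random, so it shows near-maximal byte entropy (close to 8 bits per byte) and does not compress, and the script combines both signals. The thresholds, the minimum file size and the sample "files" are assumptions constructed for the illustration.

```python
"""Heuristic check for files that look like ransomware output.

Added example (not from the Kaspersky report or this page). Encrypted
payloads are statistically indistinguishable from random bytes, so they
show near-maximal byte entropy and do not compress. The sample inputs
below are constructed in-script; the thresholds are assumed cut-offs.
"""
import math
import random
import zlib
from collections import Counter

ENTROPY_THRESHOLD = 7.5       # bits per byte; the maximum is 8.0 (assumed cut-off)
COMPRESSION_THRESHOLD = 0.95  # compressed/raw size ratio (assumed cut-off)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def compression_ratio(data: bytes) -> float:
    """zlib-compressed size divided by raw size (1.0 for empty input)."""
    if not data:
        return 1.0
    return len(zlib.compress(data, 9)) / len(data)


def looks_encrypted(data: bytes, min_size: int = 256) -> bool:
    """True when both signals say 'random': high entropy and incompressible.

    Files below `min_size` bytes are skipped because the statistics on such
    short inputs are unreliable.
    """
    if len(data) < min_size:
        return False
    return (shannon_entropy(data) >= ENTROPY_THRESHOLD
            and compression_ratio(data) >= COMPRESSION_THRESHOLD)


def flag_suspicious(files: dict) -> list:
    """Return the sorted names of files (name -> content) that look encrypted."""
    return sorted(name for name, data in files.items() if looks_encrypted(data))


# Constructed sample "files": ordinary text, a tiny note, and a pseudo-random
# blob standing in for a document overwritten by a GpCode-style Trojan.
_rng = random.Random(2006)
SAMPLE_FILES = {
    "report.txt": b"Quarterly report: revenue grew 4% on flat costs. " * 80,
    "notes.txt": b"short",
    "report.txt.enc": bytes(_rng.getrandbits(8) for _ in range(4096)),
}

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name:16} entropy={shannon_entropy(data):.2f} "
              f"ratio={compression_ratio(data):.2f} "
              f"encrypted={looks_encrypted(data)}")
    print("flagged:", flag_suspicious(SAMPLE_FILES))
```

Two caveats a practitioner would add: formats that are already compressed or encrypted (ZIP, JPEG, PGP) trip the same heuristic, so on a real file system it is paired with a rate-of-change signal (many user files rewritten in a short window) or a canary file that no legitimate process touches; and the Krotten-style variant that only corrupts registry entries leaves no such trace in user files, so it needs a different check.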

Monday, April 24, 2006
Though the United States is making progress in the war on unsolicited commercial e-mail, or spam, it still generates more than any other nation in the world, according to recent statistics from Sophos, a provider of anti-malware solutions.
Sophos ranked spam outputs of the top 12 countries and top six continents based on messages it received in its “global network of spam traps” between January and March, according to the group’s release.
More information can be found here.

Thursday, April 20, 2006
The Federal Trade Commission (FTC) joined 29 other countries in calling for increased cooperation between nations in combating spam. The FTC signed off on a set of anti-spam recommendations by the Organization for Economic Cooperation and Development (OECD), a coalition of 30 countries organized to promote economic growth and trade.
More information about OECD activities on countering spam can be found here.
Please click here to read the article.

Wednesday, April 19, 2006
The third edition of the International Critical Information Infrastructure Protection (CIIP) Handbook focuses on key aspects of CIIP related to security policy.
The CIIP Handbook is the product of a joint effort within the Comprehensive Risk Analysis and Management Network (CRN) partner network. The CRN is run by the Center for Security Studies (CSS) at the Swiss Federal Institute of Technology (ETH Zurich) and is a member of the Center for Comparative and International Studies (CIS).
"The first (2002) edition of the CIIP Handbook contained an inventory of protection policies in eight countries (Australia, Canada, Germany, the Netherlands, Norway, Sweden, Switzerland, and the United States) and their methods employed for CII assessment. The second edition (2004) included an update of existing surveys and covered six additional countries (Austria, Finland, France, the United Kingdom, Italy, and New Zealand) as well as international protection efforts."
"The latest version continues the tradition of the past two editions, while its scope has been extended: not only has the country survey section been further expanded with a specific focus on Asia by including India, Japan, the Republic of Korea, Malaysia, Singapore, and Russia, but it is also accompanied by a second volume with in-depth analysis of key issues related to CIIP."
Please click here to read more about the 2006 CIIP Handbook.
Volume 1 of the 2006 CIIP Handbook can be downloaded here.
Volume 2 of the 2006 CIIP Handbook can be downloaded here.
The United States National Science and Technology Council (NSTC), a Cabinet-level Council that coordinates science and technology policies across the Federal Government, on April 17th, 2006, released the Federal Plan for Cyber Security and Information Assurance Research and Development.
"This report sets out a framework for multi-agency coordination of Federal R&D investments in technologies that can better secure the interconnected computing systems, networks, and information that together make up the U.S. information technology (IT) infrastructure."
"This country’s IT infrastructure – which includes not only the public Internet but also the networking and IT systems that control critical infrastructures ranging from power grids to emergency communications systems – is vital not only to our national and homeland security but to our economic security," said John H. Marburger III, Science Adviser to the President and Director of the Office of Science and Technology Policy (OSTP). "This report provides a blueprint for coordination of Federal R&D across agencies that will maximize the impact of investments in this key area of the national interest."
The Plan was prepared by the Interagency Working Group (IWG) on Cyber Security and Information Assurance (CSIA), whose members represent more than 20 government organizations. The CSIA IWG operates under the auspices of the NSTC’s Subcommittee on Infrastructure and Subcommittee on Networking and Information Technology Research and Development (NITRD).
The Federal Plan for Cyber Security and Information Assurance Research and Development is available through the NITRD Program Web site.
Please see the recent Press Release and the Federal Plan for further details on these activities.

Monday, April 03, 2006
China’s Ministry of Information Industry has adopted the Measures for the Administration of Internet E-mails. The regulations, which took effect on 30 March 2006, apply to any person operating an e-mail service for Internet users in mainland China.
The regulations are as follows:
- A provider is defined as any person in the service supply chain involved in delivering or helping users to receive email;
- Service providers must register with the government and obtain a license before providing email services;
- Violators face warnings or penalties of up to 30,000 yuan (approx. $3,700 US) and risk losing their license;
- Firms are barred from sending unsolicited commercial messages without prior consent from recipients;
- All commercial email must have a subject header of “AD” or the Chinese character for advertisement;
- The rules only apply to email containing commercial advertisements;
- The rules state that providers must stop delivery of any messages containing commercial advertisements even if a recipient first consents, but later changes his or her mind.
A copy of the rules (in Chinese) can be found here.

Friday, March 31, 2006
The Federal Trade Commission and members of the International Consumer Protection and Enforcement Network (ICPEN) met in Jeju, Korea, on March 26-28 to discuss the progress of international efforts to combat cross-border fraud and to explore new international initiatives to protect consumers around the world.
The FTC’s participation in ICPEN is one part of the agency’s ongoing effort to combat a rising number of cross-border fraud complaints from American consumers. ICPEN members discussed the results of a recent Internet surf for Web sites that are “hidden traps online.”
Over 30 countries participated in the international surf. In the United States, the focus was on Web sites with fraudulent claims advertising “miracle cures” for diabetes, with the FTC, FDA, and several state Attorneys General offices participating.
The FTC and its partners reviewed over 1,000 Web sites and identified over 150 with potentially misleading diabetes claims. The FTC will follow-up, sending warning letters to Web sites that appear to have deceptive or false claims.
More information can be found here.

Thursday, March 30, 2006

Wednesday, March 29, 2006
Activités de l’UIT dans la Lutte contre le SPAM (ITU activities in the fight against spam), PDF, Cristina Bueti, ITU Strategy and Policy Unit, 21 March 2006, presented at the workshop "Lutte contre le SPAM" (Fight against Spam) in Rabat, Morocco.
The fight against spam, phishing and e-mail fraud should focus on economic incentives and aiding law enforcement, according to attendees at a conference examining the problem this week. Speakers at MIT's 2006 Spam Conference were notably cognizant of the recent proposals of white lists and AOL's Goodmail, a pay per e-mail service offering preferential treatment in e-mail delivery for marketers.
More information can be found here.

Tuesday, March 28, 2006
World Telecommunication Day (WTD) commemorates the founding of ITU on 17 May 1865. This year, WTD could carry added significance as 17 May has been identified by the Tunis phase of the World Summit on the Information Society as “World Information Society Day”.
While World Information Society Day is yet to be proclaimed, ITU, as the leading ICT agency of the UN system, upholds the idea and looks to its members to raise awareness of the role of ICT in achieving the development goals of all people.
For WTD 2006, the ITU Council chose the theme of Promoting Global Cybersecurity to highlight the serious challenges we face in ensuring the safety and security of networked information and communication systems.
In today’s interconnected and increasingly networked world, societies are vulnerable to a wide variety of threats, including deliberate attacks on critical information infrastructures with debilitating effects on our economies and on our societies. In order to safeguard our systems and infrastructure and in order to instill confidence in online trade, commerce, banking, telemedicine, e-government and a host of other applications, we need to strengthen the security practices of each and every networked country, business, and citizen, and develop a global culture of cybersecurity.
The urgency of promoting cybersecurity has been called for by the ITU Plenipotentiary Conference in 2002, the World Telecommunication Standardization Assembly (WTSA-2004) as well as the United Nations General Assembly (resolutions 58/199, 2004, and 57/239, 2002).
Invitations to organize national programmes in the context of promoting the theme Promoting Global Cybersecurity for WTD 2006 were sent to all ITU Member States and ITU Sector Members. Sector Members represent over 647 public and private companies and organizations with an interest in telecommunications. Also in conjunction with WTD 2006, the ITU is conducting a survey of cybersecurity trust and awareness. A list of links to the related materials includes:
Internet service providers could face huge fines if they do not provide spam filtering or impose email sending limits under new rules set down by a communications watchdog. The Australian Communications and Media Authority (ACMA) today registered the world's first legislative code of practice for internet and email service providers.
More information can be found here.
At a technology forum in Brussels hosted by EuroISPA - the European Internet Services Providers Association, and co-sponsored by Interpol, Neil Holloway, president, Microsoft (Europe, Middle East and Africa), inaugurated a global law enforcement campaign targeted at cybercriminals responsible for phishing attacks.
This is part of Microsoft's larger programme, the Global Phishing Enforcement Initiative (GPEI), which aims to co-ordinate and expand the company's anti-phishing efforts globally.
More information can be found here.

Monday, March 27, 2006

Thursday, March 16, 2006
Communications points to an interesting presentation on reverse engineering Skype given by Philippe BIONDI & Fabrice DESCLAUX at the Black Hat Europe conference in Amsterdam, March 2nd & 3rd. Warning: 115 highly technical slides including this conclusion:

Wednesday, March 15, 2006
The Direction du Développement des Médias (France), the Agence Nationale de Réglementation des Télécommunications (Morocco), the Institut Francophone des Nouvelles Technologies de l’Information et de la Formation (Francophonie) and the Service Public Fédéral Economie, PME, Classes moyennes et Energie (Belgium) are jointly organizing a workshop on the "Fight against Spam".
The workshop will be held in Rabat (Morocco) from 22 to 23 March 2006.
More information can be found here.
Click here to see the agenda.

Tuesday, March 14, 2006
"The case for promoting a global culture for cybersecurity was strongly emphasized at the World Telecommunication Development Conference (WTDC) during an information session for participants conducted by ITU on Friday.
ITU pointed out that in an increasingly interconnected and networked world our societies are vulnerable to a wide variety of threats, including deliberate attacks on critical information infrastructures with debilitating effects on our economies and on our societies. In order to safeguard our systems and infrastructure, we need to strengthen our collective cybersecurity.
As this depends on the security practices of each and every networked country, business, and citizen, we need to develop a global culture of cybersecurity. According to ITU, cybersecurity is critical in the use and development of ICT. The lack of adequate security is an obstacle for using ICTs that rely on the protection and confidentiality of sensitive data. Unless these security and trust issues are addressed, the benefits of the Information Society to governments, businesses and citizens cannot be fully realized.
The information session was aimed at raising awareness on this very important subject and to contribute to bridging the information and knowledge divide between and within countries.
At that session, ITU launched a new reference guide on Cybersecurity for Developing Countries and informed delegates of ITU’s initiative in Promoting Global Cybersecurity as the theme for World Telecommunication Day on 17 May this year. ITU will also assist developing and least developed countries in increasing cybersecurity and will conduct workshops and seminars to enable countries to exchange ideas and discuss common issues." [Via WTDC 2006 Highlights]
For more information about the World Telecommunication Development Conference (WTDC), please click here.

Thursday, March 09, 2006
Qatar's Prime Minister Sheikh Abdullah bin Khalifa al-Thani said in his opening speech to ITU World Telecommunication Development Conference 2006 on Tuesday 7 March that "communication, especially information technology, has become a major pillar of the economic and social development of all countries."
"Sheikh Abdullah said WTDC 06 had a key role to play in bringing peoples together and help them live in peace and with mutual respect. However, he cautioned against misuse of communication technology and said a legal and regulatory environment must be set up to secure the optimum use of the resources of knowledge."
WTDC, held for the first time in the Arab region, is organized by International Telecommunication Union (ITU) and hosted by Qatar’s Supreme Council for Information and Communication Technology (ictQATAR).
For the full article featured in Gulf Times, please click here.
Microsoft founder Bill Gates said in 1998 that spam was "an annoying and sometimes destructive use of the Internet's unprecedented efficiency." Gates communicated the problem. The makers of Spam Cube created the solution.
The launch of Spam Cube gives everyday personal computer users a new tool in the battle against unwanted email. Working with every operating system and nearly all email providers, Spam Cube protects up to four home computers with its anti-spam technology, a technology spawned by the frustration felt by computer users worldwide who are forced to endure invasive junk e-mail campaigns.
For more information, please click here.
Including data from some of the world's largest Internet Service Providers, MAAWG (Messaging Anti-Abuse Working Group) has developed its first metrics report outlining the scope of the problem and validating that approximately 85 percent of incoming e-mail traffic today is abusive.
The report, "MAAWG Email Metrics Program: The Network Operators' Perspective," provides data for the fourth quarter of 2005 and will continue to be updated on a quarterly basis as an objective tool for tracking the industry's efforts at controlling abusive email.
For more information, please click here.

Wednesday, March 08, 2006
Efforts by governments to counter internet spam by tracking down and prosecuting spammers have had limited impact and require far more resources than most countries can muster, the United Nations telecoms agency (ITU) warned on Tuesday.
It says in a report that while all countries need anti-spam legislation so that spammers have nowhere to hide, a more effective approach would be to require the establishment of enforceable codes of conduct by internet service providers (ISPs).
For more information about the article, please click here.
For more information about the report "Stemming the International Tide of Spam", please click here.

Saturday, March 04, 2006
According to a press release from the UN, the UN Secretary-General has decided to establish a small Secretariat in Geneva to assist in the convening of the Internet Governance Forum (IGF). The Secretary-General was asked by the World Summit on the Information Society, held in Tunis in November, to convene such a Forum for multi-stakeholder policy dialogue.
Nitin Desai, the Secretary-General’s Special Adviser for the Summit, held open consultations on 16 and 17 February in Geneva aimed at reaching a common understanding on how the Forum should function. Those discussions produced a consensus that the IGF should have a strong development orientation. It was also felt that the Forum should be open and inclusive, and allow for the participation of all interested stakeholders with proven expertise and experience in Internet-related matters.
The Secretariat will be headed by Markus Kummer, who has been the Executive Coordinator of the Secretariat of the Working Group on Internet Governance, which was established by the Secretary-General at the request of the first phase of the Summit, in Geneva in 2003. The first meeting of the Forum is expected to take place later this year in Athens, Greece, from October 30 to November 2, 2006.
On a separate issue, the Secretary-General has also decided to ask Mr. Desai to consult informally on how to start a process aimed at enhancing cooperation on international public policy issues related to the Internet. The Summit had requested the Secretary-General to start such a process in paragraphs 69-71 of the WSIS Tunis Agenda for the Information Society.

Thursday, March 02, 2006
Recognising the importance of electronic interdependencies, India and the United States on Thursday agreed for greater cooperation to protect electronic transactions and critical infrastructure from cyber crime.
"The two sides recognised the importance of capacity building in cyber security and greater cooperation to secure their growing electronic interdependencies, including to protect electronic transactions and critical infrastructure from cyber crime, terrorism and other malicious threats," the Indo-US joint statement said.
For more information, please click here.
Soon PC users could be literally stamping out spam instead of hitting the delete key.
"Many information workers spend a majority of their time trapped at their desk dealing with e-mail," said Brian Meyers, from the Step User Interface Project Group who helped develop the prototype.
For more information, please click here.

Wednesday, March 01, 2006
On Tuesday, the anchors of the coalition – the Electronic Frontier Foundation and Free Press – hosted a national conference call asking allies to unite to fight AOL's "e-mail tax."
Under the banner of DearAOL.com, a total of fifty organizations, including MoveOn.org, Civic Action, Gun Owners of America, The Association of Cancer Online Resources and Craig Newmark of Craigslist.com joined in to offer up a number of explanations as to why such a "pay-to-send" policy would harm the Internet forever.
For more information, click here.
See also "The Future of Some Email May Not Use Email".
Symantec launches a new Internet security barometer that gives consumers clues on which online activities are currently safest. But unlike rival security meters, Symantec's new Internet Threat Meter breaks out current risks by activity: e-mail, Web browsing, instant messaging, and file sharing.
For more information, please click here.
Three civil suits were filed under Virginia's new anti-phishing statute and the federal Lanham Act (trademark law), marking the first time an ISP has used the new state law.
For more information, please click here.
A group of security researchers claims to have found the first virus that can jump to a mobile device after infecting a PC.
"Crossover is the first malware to be able to infect both a Windows desktop computer as well as a PDA running Windows Mobile for Pocket PC," the research group said.
For more information, please click here.

Tuesday, February 28, 2006
In Japan, the ima doko (where are you now?) service allows parents to track the location of their children through a mobile handset or a P-doco?mini device. One can pull up location data using the internet or even with a 3G NTT Docomo handset to see the location on a map (scroll down for sample maps displayed on the i-mode handset). This flash animation shows a Japanese mother pulling up a map that locates her daughter's mobile handset.
APCAUCE's 2006 meeting was organized in Perth, Australia in conjunction with the APRICOT Conference. The Regional Update meeting was on Sunday 26 February 2006, and APCAUCE (Asia Pacific Coalition Against Unsolicited Commercial Email) will also organize an antispam technical conference track as part of APRICOT on 1 March 2006.
For more information, please click here.

Monday, February 27, 2006
The Japan E-mail Anti-Abuse Group (JEAG), a working group founded by Japan's ISPs and mobile operators to counter spam, has drafted a list of recommendations for the reference of companies and mail server system administrators that are considering counter-spam measures. The recommendations include information on introducing effective technological counter-measures and working policies to eliminate spam.
For more information, please click here.

Sunday, February 26, 2006
Since Yahoo first proposed its DomainKeys e-mail authentication scheme, the basis of the DKIM (DomainKeys Identified Mail) specification, AOL has played coy. That strategy has apparently served the uber-ISP well, as it has been extended indefinitely.
In a standing-room-only webinar courting direct marketers, AOL speaker Nicholas Graham was asked when the firm will get around to adopting DKIM's cryptographic signing of outbound mail. Christine Blank of DMNews reports Graham responded, "We will have to wait and see. The facts are still out."
For more information, please click here.
Commtouch has announced spam and computer virus statistics for the month of January 2006. The data is based on information continuously gathered by the Commtouch Detection Center, which analyzed more than 2 billion messages from over 130 countries during the month of January.
For more information, please click here.
Liberal political action group MoveOn.org is organizing a petition drive against America Online's certified email service, whereby advertisers could pay a per-message fee to guarantee their messages will bypass AOL's spam filtering technologies and be delivered directly to AOL users.
MoveOn claims the service amounts to an "email tax": it grants large e-mail senders preferential access to AOL users' mailboxes while leaving other senders (small businesses, friends, family members, charities and co-workers) in the dark, wondering whether their mail will get through.
For more information, please click here.
Ahmed Bin Ali, Manager Corporate Communications, Etisalat, said: 'We are happy to make this option available to all our valued customers, and we are empowering them to be able to decide what content they receive and from whom. Our customers have shown interest in a service like this, and we have taken all the steps to make this option available at the earliest.'
For more information, please click here.
Programs that fight viruses have become a necessary evil on Windows PCs. Now the antivirus industry is turning its attention to mobile phones, but it's running into reluctance from cell service providers, who aren't so sure that the handset is the best place to handle security.
For more information, click here.

Friday, February 24, 2006
The Golden Book — a record of work undertaken to implement the goals of the World Summit on the Information Society and build the future Information Society — was launched on 24 February 2006 during the Consultation Meeting of WSIS Action Lines Facilitators/Moderators, convened by ITU, UNESCO and UNDP in Geneva.
This Golden Book highlights some of the valuable work being done around the world to promote ICTs in projects, large and small, by governments, individuals or team effort, for the benefit of all. It provides illustrative examples of new and innovative projects to build infrastructure, promote ICTs in education, health and governance, ensure fair access and enhance online security.
The Golden Book has been published by the International Telecommunication Union (ITU) as a permanent record of the new commitments and resources pledged by stakeholders during the Tunis Phase of the World Summit on the Information Society (WSIS). All WSIS stakeholders at the Summit were invited to submit an online questionnaire with details of their activities announced during the Tunis Phase. These activities have been planned or are already being undertaken to implement the WSIS Plan of Action. The Golden Book also serves as a tool helping to coordinate the action taken to implement the 11 Action lines and avoid duplication.
More than 375 submissions were made to the Golden Book by governments, international organizations, NGOs, companies and individuals, describing their work towards promoting ICT activities. ITU estimates that the activities announced during the Tunis Phase to promote WSIS goals represented a total value of at least € 3.2 billion (US$ 3.9 billion). Governments committed to implement projects for some € 1.9 billion, representing nearly two-thirds of the estimated total value of all commitments, while international organizations pledged to carry out activities for around half that amount, i.e. € 0.83 billion. Business entities announced plans to realize projects for around € 0.35 billion, and civil society projects amount to at least € 0.13 billion.
[Chart: Amount of financial commitments by stakeholder]
[Chart: Breakdown by anticipated expenditure]
For more information on the Golden Book, please see here.

Thursday, February 2