International Telecommunication Union   ITU
 
 
 Tuesday, October 31, 2006

ITU's Strategy and Policy Unit has just released a new issue of SPU Flash.

The electronic version of the SPU Flash, Issue 10 is available here.

Click here to subscribe to SPU News.

Tuesday, October 31, 2006 5:28:43 PM (W. Europe Standard Time, UTC+01:00)

In his remarks at the First Meeting of the Internet Governance Forum in Athens, Greece, on 30 October 2006, ITU Secretary-General Yoshio Utsumi encouraged meeting participants to "welcome open debate in the great spirit of Athenian democracy".

See the transcript of Secretary-General Utsumi's speech here.

Tuesday, October 31, 2006 2:45:12 PM (W. Europe Standard Time, UTC+01:00)
 Friday, October 27, 2006

"Authentication processes can contribute to the protection of privacy by reducing the risk of unauthorized disclosures, but only if they are appropriately designed given the sensitivity of the information and the risks associated with the information. Overly rigorous authentication process, or requiring individuals to authenticate themselves unnecessarily, can be privacy intrusive."

The Office of the Privacy Commissioner of Canada recently released new Guidelines for Identification and Authentication. The Guidelines are intended to help organizations develop appropriate identification and authentication processes in ways that respect the fair information practices in the Personal Information Protection and Electronic Documents Act (PIPEDA) and ensure compliance with its security provisions by providing the strongest protection for customers’ personal information. The scope of the document is limited to identification and authentication techniques between organizations and individuals.

These guidelines, released by the Canadian Privacy Commissioner, are a good document discussing both privacy risks and security threats.

See also a more detailed document published by Industry Canada in 2004 named "Principles for Electronic Authentication".

This article was accessed through Schneier's blog: Schneier on Security.

Friday, October 27, 2006 4:02:05 PM (W. Europe Standard Time, UTC+01:00)

The United Kingdom's telecommunications regulator Ofcom criticized a proposed European Union law regulating the internet, warning that "it could devastate the continent's internet-TV, mobile-multimedia and online-games industries". Under the EU proposal, many internet broadcasts would face the same requirements on advertising content and production quotas as traditional television.

The U.K. regulator hired Rand Corp. to conduct an impact-assessment study, which outlined the possible negative effects. There are major uncertainties about the future "trajectory" of Internet TV, the regulator said in a note accompanying the study. "Creators will simply distribute their own material via the open Internet, bypassing the need for any form of commercial relationship with other distributors," the regulator said, adding that internet broadcasters would move offshore to escape the regulation. The U.K. position is crucial.

When the EU proposal was first floated last year, London opposed all extension of broadcasting rules to new media. Ofcom spokesman Simon Bates said the U.K. has realized that some new services will fall under the regulation. The key is to gain exemptions for particularly vulnerable services. "We understand that some TV-like services that look like TV and feel like TV warrant some protection," he said, adding that fledgling services should remain exempt. "Our worst fear would be if blogs are required to be regulated like mass-media television services, with rules for example about offensive content." If infant industries are regulated, Ofcom says they risk being pushed offshore. Even though mobile-phone operators could restrict their services available on the open Internet, the EU regulation would give them "incentives to artificially structure businesses so that the regulatable activity of making and creating content takes place outside the EU." The regulation could devastate Europe's online-games industry, the report added. "Rand Europe finds that this industry is global, and that the added value activity of creating and developing games is highly 'portable,'" the regulator writes. "This industry is therefore highly susceptible to increases in regulation in one territory, however small, especially when that regulation does not have parallels in other territories." The regulator recommends "excluding online games altogether from the scope" of the EU regulation.

The European Parliament is scheduled to vote on the proposal by year end. EU governments meeting in the Brussels-based Council of Ministers also must approve it. Intellect, a U.K. trade association, recently said the regulation threatens to stifle services such as on-demand and interactive-video content.

Please see William Echikson's article in Wall Street Journal Europe for more details.

Friday, October 27, 2006 11:55:10 AM (W. Europe Standard Time, UTC+01:00)

With the second meeting of the Focus Group on IPTV seeing a record number of participants and contributions, experts have declared satisfaction that work towards a set of standards for IPTV is well on track.

A recent report from industry analyst Gartner says that the number of households around the world subscribing to IPTV services offered by telecom carriers will reach 48.8 million in 2010. Buoyed by new service launches, IPTV subscribers will more than double in 2007 from an expected 6.4 million in 2006 to 13.3 million according to Gartner. Experts agree that it is imperative that standards needs are met if these impressive figures are to be achieved.

A key achievement at the FG IPTV meeting in Korea was progress towards a standardized IPTV architecture: The group agreed that IPTV architecture shall allow for both NGN and non-NGN approaches to IPTV, and within the NGN-approach, include both IMS and non-IMS based approaches.

Ghassem Koleyni, chair of the group, stated: "I am particularly happy that we have achieved so much progress in ITU-T Working Group 1 (service requirements and architecture). The level of participation in this group is growing and progress is overall good. But requirements and architecture are of such fundamental importance that getting a fix on these points, at this stage, is very satisfying. In order to gain momentum here we will convene an electronic meeting looking specifically at requirements and architecture, 18-21 December."

The Korea meeting agreed on the following definition of IPTV: "IPTV is defined as multimedia services such as television/video/audio/text/graphics/data delivered over IP based networks managed to provide the required level of QoS/QoE, security, interactivity and reliability."

The FG IPTV meeting was preceded by an ITU-T workshop. The event, attended by over 400 and held in Seoul, provided a view and examination of IPTV standardization, political and regulatory aspects, business models and various case studies as well as technical developments and service providers’ operational aspects. A roundtable discussion at the event concluded that global standardisation and interoperability are key for further development of IPTV worldwide. Other issues that might be further discussed at an international level, according to the roundtable’s twenty participants, include digital rights management (DRM).

The next face-to-face meeting of the FG IPTV is scheduled for 22-26 January 2007 at the Microsoft facilities, Mountain View, California, USA at the invitation of Alliance for Telecommunications Industry Solutions (ATIS).

For more information see the ITU-T IPTV Focus Group website.

Friday, October 27, 2006 10:26:45 AM (W. Europe Standard Time, UTC+01:00)
 Wednesday, October 25, 2006

On 16 October 2006, Mauritius officially launched its Anti-Spam Awareness Campaign. On this occasion the Minister of IT and Telecommunications also presented a dedicated Anti-Spam Website with resources aimed at raising awareness and sharing information on spam, malware, etc.

In Mauritius, the spamming problem is gaining in magnitude and there is a need to have a concerted approach to address this issue. Without remedial action to address the problem of spam in Mauritius, the country runs the risk of being seen as a safe haven for spammers and there is the risk that legitimate email traffic from Mauritius to other countries which have anti-spam legislation could be blocked. In this context, the National Computer Board has set up a National Anti Spam Committee to co-ordinate activities at the national level with regard to combating spam.

The Anti-Spam Co-ordination Committee consists of representatives from the following national organisations: National Computer Board; IT Security Unit, Ministry of IT and Telecommunications; Ministry of Education and Human Resources; Ministry of Industry, Commerce, Small and Medium Enterprises and Cooperatives; Ministry of Foreign Affairs, International Trade and Cooperation Joint Economic Council; Mauritius Chamber of Commerce and Industry (MCCI); State Law Office; ICT Authority; Mauritius IT Industry Association; Internet Society; University of Mauritius (UOM); University of Technology; Telecom Plus/Mauritius Telecom ACT.

For further information see the newly launched Anti-Spam Website and Mauritius' Anti-Spam Action Plan.

Wednesday, October 25, 2006 1:12:33 PM (W. Europe Standard Time, UTC+01:00)
 Monday, October 23, 2006

The Journal du Net states in a recent article that organized cybercrimes represent a growing risk for internet users. Hackers use new techniques to hide and make their attacks more efficient. Their main goal is not to destroy computers. With the rapid development of e-commerce, hackers want to take over personal data and make as much profit as they can with it.

To achieve this, they use different forms of worms or trojans sent from servers hosted in countries where the legislation is less strict. To protect their economic interests, businesses need to include employees in their security policies so they do not become the weak link in the security chain.

See Journal du Net for the full article in French.

Monday, October 23, 2006 2:29:08 PM (W. Europe Standard Time, UTC+01:00)
 Sunday, October 22, 2006

The 13th Conference of the European Conference of Postal and Telecommunications Administrations (CEPT) took place in Berlin on 11-12 October 2006. The title of the conference was "Regulations under Challenge".

The conference looked at the electronic communications policy and regulatory matters with the aim of facilitating a fruitful dialogue between regulators working at different levels of international and national institutions, industry and users on topics including: forward-looking regulatory and policy developments in a rapidly changing environment; technological, market and other developments with potential impact on regulations; and the impact of regulations on technology developments and telecom markets.

The first day, "Policy challenges", featured visionary keynote speeches by top level speakers, followed by plenary sessions presenting views from industry, the European Commission, regulators and others. Speakers included: Yoshio Utsumi (ITU), Guido Landheer (CEPT), Fabio Colasanti (EC), Michael Bartholomew (ETNO), Kevin Power (ECTA), Tom Lindström (EICTA), Sergio Antocicco (INTUG), Peter Scott (EC), Kip Meek (ERG and OFCOM), Mathias Kurth (RSPG), Rainer Münch (ETSI TISPAN), Kenneth Neil Cukier (The Economist) and Chris Marsden (RAND).

The second day, "Regulatory practices under challenge", addressed more specific topics in two parallel tracks. An overview of the state of the art in VoIP from a regulator's and incumbent's viewpoint was given in sessions on Digital Dividend, Spectrum Management Reform, New Technologies and Suitable Regulation, Building Blocks of NGN, NGN Challenges, and the Future of Telecommunications.

The meeting programme and the presentations can be found here.

This information was accessed through Richard's Blog for VoIP and ENUM.

Sunday, October 22, 2006 7:21:48 PM (W. Europe Standard Time, UTC+01:00)
 Saturday, October 21, 2006

There is growing interest in the economics of information infrastructure security.

Some of the seminal work in the field has been done by Ross Anderson of Cambridge University, particularly in his original paper Why Information Security is Hard - An Economic Perspective as well as in some of Bruce Schneier's work. Ross Anderson maintains an excellent resource page on the topic with pointers to relevant material.

In June of this year, the Fifth Workshop on the Economics of Information Security (WEIS 2006) was held in Cambridge, England, and the Workshop on the Economics of Securing the Information Infrastructure will take place next week, on 23 October 2006, in the Washington, D.C. area.

Saturday, October 21, 2006 9:51:31 PM (W. Europe Standard Time, UTC+01:00)

The first meeting of the Internet Governance Forum (IGF) will be held in Athens, Greece from 30 October - 2 November 2006.

The current programme is available here.

A couple of related websites have been unveiled:

CircleID has a related article asking What Will Be the Outcome of the Internet Governance Forum Meeting in Athens?

Saturday, October 21, 2006 8:28:51 AM (W. Europe Standard Time, UTC+01:00)
 Friday, October 20, 2006

Business Week Online shows in a recent article entitled "Needed: A National Cyber Security Law" that more and more people have their personal information lost, stolen or compromised. Security breaches are eroding their trust in the capability of the Internet to deal with their private personal information. This growing confidence deficit represents a serious threat to the economic growth of each country, according to the article. Therefore, it is time for officials to act by passing strong data-security laws. These national laws must aim to both prevent further data breaches and address leaks once they occur.

"To accomplish these goals, lawmakers should establish reasonable security measures, create a consistent and recognizable notification standard, encourage best practices such as encryption, and include effective enforcement capabilities".

See Business Week Online for the full article.

Friday, October 20, 2006 12:36:39 PM (W. Europe Standard Time, UTC+01:00)

Computer World released an article entitled “Ten security trends worth watching”, based on Bruce Schneier’s speech at last month’s Hack in the Box Security Conference in Kuala Lumpur, Malaysia.

Mr. Schneier identified 10 trends affecting information security today:

  1. Information is more valuable than ever.
  2. Networks are critical infrastructure. "If the Net goes down, or part of the Net goes down, it really affects the economy".
  3. Users do not necessarily control information about themselves. For example, Internet service providers have control over records of the Web sites that users visit and the email messages they send and receive.
  4. Hacking is increasingly a criminal profession. More and more, attacks are organized and led by criminals who are driven by a profit motive.
  5. Complexity is your enemy. "As systems get more complex they get less secure". Mr. Schneier mentioned that the Internet is "the most complex machine ever built".
  6. Attacks are faster than patches. New vulnerabilities and exploits are being discovered faster than vendors can patch them.
  7. Worms are more sophisticated than ever. 
  8. The endpoint is the weakest link. "It doesn't matter how good your authentication schemes are if the remote computer isn't trustworthy".
  9. End users are seen as threats.
  10. Regulations will drive security audits.

See Computer World for the full article.

Friday, October 20, 2006 7:41:02 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, October 19, 2006

"The existing identity infrastructure of the Internet is no longer sustainable. The level of fraudulent activity online has grown exponentially over the years and is now threatening to cripple e-commerce. Something must be done now before consumer confidence and trust in online activities are so diminished as to lead to its demise." A recently released paper by the Information and Privacy Commissioner of Ontario, Canada, Ann Cavoukian, tries to address this: 7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age. 

See more information on the 7 Laws in the related news release and brochure.

Thursday, October 19, 2006 7:39:54 PM (W. Europe Standard Time, UTC+01:00)
 Tuesday, October 17, 2006

The European Commission held its final conference on Radio Frequency Identification (RFID) on 16 October 2006 in Brussels, to close the series of consultation initiatives announced by Commissioner Viviane Reding at CeBit in March 2006. The conference (RFID: Heading for the Future) was opened by the Commissioner and featured Commission officials, members of the European Parliament, and relevant stakeholders from industry, government and civil society who have been involved in the ongoing European debate about RFID. ITU's Lara Srivastava spoke at the conference on the topic "RFID: from identification to identity" and her presentation is available here.

More information about the EU's RFID consultation is available here.

Tuesday, October 17, 2006 4:06:54 PM (W. Europe Standard Time, UTC+01:00)

The Digital Opportunity Index (DOI) is a composite index that has been developed by the ITU/Digital Opportunity Platform to measure countries' progress in ICTs and digital opportunity, as part of the endorsed methodology for WSIS evaluation and follow-up. It is a flexible methodology that has been used in many different ways. Every day this week, SPU will demonstrate a different application of the DOI, to show its flexible and versatile applications for policy analysis.

The urban/rural digital divide is one of the most obvious divisions in many countries (depending on their geography, degree of urbanisation and industrial development, among other factors). ITU has traditionally sought to monitor the urban/rural divide in telecoms using the indicators of % of main lines in urban areas and mainlines in the largest city. For example, in China, as recently as 2004, just over two-thirds of all mainlines were to be found in urban areas (World Telecommunication Indicators).

However, the urban/rural divide extends far beyond connectivity. Differences in digital opportunity between urban and rural areas are also evident in the price of access to ICTs (often more expensive in rural areas), speed and quality of access (what the Nigerian blogger Oro calls "plug and pray") and technology, e.g., coverage of the population with a mobile signal. The Digital Opportunity Index measures all these different aspects of access to ICTs.

For most countries, detailed data on urban/rural differences for all these aspects are difficult to come by. However, at the recent Digital Opportunity Forum held in Korea, the Egyptian Ministry of Communications and Information Technology presented its expert analysis of the urban/rural divide in Egypt (see figure below). Taking into account differences in price, coverage, Internet availability and usage, the Ministry calculated that the rural population in Egypt has one quarter less opportunity to access and use ICTs than the urban population. This points to a measurable and significant urban/rural divide in connectivity in a country where the vast majority of the population (95%) live in the fertile Nile valley. The DOI provides a means not only of quantifying the extent of this urban/rural divide, but also of monitoring its future evolution.

The urban/rural divide in Egypt


Source: Egyptian Ministry of Communications and Information Technology, presented to the Digital Opportunity Forum, 1 September 2006.

For more information about the Digital Opportunity Index, click here.

Tuesday, October 17, 2006 3:07:19 PM (W. Europe Standard Time, UTC+01:00)

The 2006 ITU ‘Young Minds’ are now in their final week of the SPU-administered programme. Now entering its third year, the programme is designed to give young people valuable exposure to the international telecommunication environment and the work of ITU. Lucy Yu from the United Kingdom and Chin Yung Lu from Hong Kong SAR were selected as the 2006 Young Minds. As part of their work at the SPU, the Young Minds have been researching telecommunications technologies and preparing text for the ITU Internet Report 2006: digital.life. Statistics were collected and prepared by Kenichi Yamada.

The ITU Internet Report is a series of publications prepared on a yearly basis especially for ITU TELECOM events. The 2006 edition is the eighth in the series and will be published to coincide with ITU TELECOM World 2006, to be held in Hong Kong from 4th - 8th December. The report begins by examining the underlying technological enablers of new digital lifestyles, from upgrading network infrastructure to value creation at its edges. In studying how businesses are adapting to fast-paced digital innovation, the report looks at how they can derive value in an environment driven by convergence at multiple levels. The question of extending access to underserved areas of the world is considered as an important priority. In light of media convergence, a fresh approach to policy-making may be required, notably in areas such as content, competition policy, and spectrum management. Concerns over privacy and data protection are not being sufficiently addressed by current methods for managing identities online. As such, the report examines the changing digital individual, and outlines the need for improving the design of identity management mechanisms for a healthy and secure digital world.

As a conclusion to their research, the Young Minds each gave a presentation on selected topics that are each expanded upon in digital.life. Their presentations, entitled ‘A User-Generated Digital World’ and ‘Internet Protocol Television (IPTV): Television is changing…..’ can be seen here. In her presentation, Lucy Yu introduced the phenomenon of user generated content and talked about the effect that this is having on communities and social networking as well as the web’s wider knowledge base. She went on to talk about business models and the potential for growth and the threats that legislation and social acceptance may pose to user-generated content. Finally, she questioned future possible trends and explored how the market might evolve. In his presentation, Chin Yung introduced IPTV and illustrated how it works, and talked of the growing trend of media convergence between television services and the internet. He also listed the main differences between IPTV and Internet Video Streaming, which are often thought to be the same technologies. To conclude, Chin Yung displayed some IPTV deployments in Europe and Asia and suggested that IPTV can be an exciting opportunity for telcos.

Both ‘Young Minds’ have greatly enjoyed their time on the programme and would encourage any young people with a passion for telecoms to take part in the 2007 call. For further details on the Young Minds programme see the Young Minds webpage.

Tuesday, October 17, 2006 1:41:52 PM (W. Europe Standard Time, UTC+01:00)

Slashdot has an article that says "Researchers are finding it practically futile to keep up with evolving botnet attacks. 'We've known about [the threat from] botnets for a few years, but we're only now figuring out how they really work, and I'm afraid we might be two to three years behind in terms of response mechanisms,' said Marcus Sachs, a deputy director in the Computer Science Laboratory of SRI International, in Arlington, Va. There is a general feeling of hopelessness as botnet hunters discover that, after years of mitigating command and controls, the effort has largely gone to waste. 'We've managed to hold back the tide, but, for the most part, it's been useless,' said Gadi Evron, a security evangelist at Beyond Security, in Netanya, Israel, and a leader in the botnet-hunting community. 'When we disable a command-and-control server, the botnet is immediately re-created on another host. We're not hurting them anymore.' There is an interesting image gallery of a botnet in action as discovered by security researcher Sunbelt Software."

Tuesday, October 17, 2006 10:50:39 AM (W. Europe Standard Time, UTC+01:00)

Om Malik points to an article in French that discusses how Free.fr, the world's leading multiple play provider, based in France, is now quickly moving into wireless mesh networks with its new Freebox HD set-top box/wi-fi offering. To understand the quantitative advantages of wireless mesh networks, see this presentation from Dave Beyer from 2002 that explains how a mesh network has the interesting property of increasing coverage and capacity as more subscribers are added (since the subscribers are part of the routing infrastructure).

Free recently announced the delivery of their 300,000 Freebox HD, which they say creates a wi-fi mesh network that allows their new wi-fi based phones to roam.

Olivier Gutknecht reported on some of this in English back in April 2006.

Free is also going to do a rollout of FTTH to every home in Paris which they say they will unbundle to competitors.

They also now have a national WiMax license acquired through the acquisition by their parent company, Iliad, of Altitude Telecom.

This recent presentation on Iliad's mid-2006 results provides a good overview of their strategic direction and their financials. What is next?

Tuesday, October 17, 2006 10:20:26 AM (W. Europe Standard Time, UTC+01:00)

The Economist has an article entitled "Your television is ringing" that discusses service providers' build-outs of Next Generation Network (NGN) converged platforms.

In fact, although the industry likes to depict convergence as a great boon for customers, it actually involves a technological shift that, in the first instance at least, will primarily benefit network operators. At its heart, convergence is the result of the telecoms industry's embrace of internet technology, which provides a cheaper, more efficient way to move data around on networks. On the internet everything travels in the form of “packets” of data, encoded using internet protocol, or IP. The same system can also be used to encode phone conversations, text and photo messages, video calls and television channels—and indeed anything else.

Tuesday, October 17, 2006 10:09:11 AM (W. Europe Standard Time, UTC+01:00)
 Monday, October 16, 2006

The ITU’s Strategy and Policy Unit (SPU) is delighted to announce over 70,000 downloads of its major new report, the World Information Society Report (WISR) since July.

The World Information Society Report charts progress in building the Information Society and tracks the dynamics driving digital opportunity worldwide using a new tool, the Digital Opportunity Index (DOI). The Digital Opportunity Index can strengthen policy-making by monitoring the critical areas of the digital divide, universal access, gender and the promotion of broadband and universal service policies. The DOI has been cited by the US Federal Communications Commission to measure the state of broadband in the United States, monitored in Ireland to track the price of broadband and used by the Egyptian Government to measure the urban-rural divide in Egypt.

Every day this week, SPU will profile a different practical application of the Digital Opportunity Index, to demonstrate its genuine use for policy purposes and to show how it can monitor WSIS follow-up. The Digital Opportunity Index is relevant for policy-makers, regulators, academics, public and other stakeholders with an interest in telecommunications and development.

To find out more, please click here.

Monday, October 16, 2006 5:37:10 PM (W. Europe Standard Time, UTC+01:00)
 Thursday, October 12, 2006

As a result of a British documentary, India is now under pressure to strengthen its laws combating data theft and other electronic crimes in the country. Amendments to India’s IT Act of 2000 have been proposed and should be enacted by the national parliament in its upcoming winter.

Read the full Information Week article here.

See also Department of Information Technology, Ministry of Communication and Information Technologies for more information.

Thursday, October 12, 2006 8:47:23 AM (W. Europe Standard Time, UTC+01:00)
 Wednesday, October 11, 2006

An Open Event on "Security and Identity Management in a Federated World" was held on 2 October 2006, hosted by the Ecole Polytechnique Federale de Lausanne (EPFL) in collaboration with Sun Microsystems. Speakers included Sun Microsystems' John Gage and Liberty Alliance's Hellmuth Broda. ITU's Lara Srivastava participated in the event and spoke on "the problem of identity in networked spaces". Her presentation is available here.

The subject of digital identity will be examined more closely in the forthcoming 2006 ITU Internet Report entitled "digital.life", to be released at ITU Telecom World 2006, 4-8 December 2006 (Hong Kong, China).

Wednesday, October 11, 2006 9:29:16 AM (W. Europe Standard Time, UTC+01:00)
 Tuesday, October 10, 2006

Three of the world's leading Internet Exchange Points (IXPs), AMS-IX, DE-CIX and LINX are hosting the first European Peering Forum on 29-30 November 2006 in Frankfurt, Germany.

Sponsored by Foundry Networks and IXEurope, the event is designed to bring together representatives from the respective IXP member organisations to discuss all aspects of peering from negotiating to operations. (Peering is a cost neutral arrangement between two Internet Service Providers (ISPs) to exchange Internet traffic. It is undertaken to reduce costs and provide more direct routing of that traffic.)

For more information on the event see the European Peering Forum website.

This story was accessed through Total Telecom.

Tuesday, October 10, 2006 2:36:34 PM (W. Europe Standard Time, UTC+01:00)

The OECD's Information, Computer and Communications Policy Committee (ICCP) organised a one-day international Forum on "Next Generation Networks: Evolution and Policy Considerations", which was held on Tuesday, 3 October 2006 in Budapest, Hungary.

For more information about the event see the OECD website.

Tuesday, October 10, 2006 2:28:18 PM (W. Europe Standard Time, UTC+01:00)

A recent BBC article shows how vulnerable XP Home really is. "Using a computer acting as a so-called 'honeypot' the BBC has been regularly logging how many potential net-borne attacks hit the average Windows PC every day. With a highly protected XP Pro machine running VMWare, the BBC hosted an unprotected XP Home system to simulate what an 'average' home PC faces when connected to the internet."

The majority of the incidents were merely nuisances. "Many were announcements for fake security products that use vulnerabilities in Windows Messenger to make their messages pop-up. Others were made to look like security warnings to trick people into downloading the bogus file." "However, at least once an hour, on average, the BBC honeypot was hit by an attack that could leave an unprotected machine unusable or turn it into a platform for attacking other PCs. Many of these attacks were by worms such as SQL.Slammer and MS.Blaster both of which first appeared in 2003. The bugs swamp net connections as they search for fresh victims and make host machines unstable. They have not been wiped out because they scan the net so thoroughly that they can always find another vulnerable machine to leap to and use as a host while they search for new places to visit."

Read the full BBC story.

This article was accessed through Slashdot.

Tuesday, October 10, 2006 8:35:58 AM (W. Europe Standard Time, UTC+01:00)
 Monday, October 09, 2006

Wired News in an article brings attention to the insecurity of some of the new technologies online. “VOIP and Ajax -- are dangerously insecure, and likely to only get worse as they become more prevalent, according to security researchers presenting their findings at the ToorCon security conference.”

"Voice over internet protocol is going mainstream, available to consumers and increasingly replacing the private phone systems in businesses of all sizes. Like the traditional phone, a VOIP call is broken into two parts, or channels. The first is signaling, which negotiates things like when to start and stop a call, what to do if another call comes in, and what to do if something about the call changes. The second part is media, the bit where we talk. In most VOIP systems neither of these channels is actually encrypted."

"According to Dustin Trammell, VOIP security researcher at Tipping Point, this leaves most VOIP calls vulnerable. Calls can be hijacked without either party's knowledge anywhere along the route over the net that connects the call, and nearly all VOIP systems can fall victim to signal-channel attacks that can fake caller ID, degrade call quality, end calls suddenly, and crash the end device -- either your VOIP phone or computer. Internet telephony can even fall victim to denial-of-service attacks that flood a phone with fake requests to start a call, rendering it useless."

Read the full Wired News article on VOIP and AJAX security issues.

Monday, October 09, 2006 12:01:54 PM (W. Europe Standard Time, UTC+01:00)