International Telecommunication Union   ITU
 
 
Site Map Contact us Print Version
 Friday, August 10, 2007

The Journal Record reported on a hospital group in Oklahoma City, USA that is developing a technology program to better connect its hospitals and clinics in the metropolitan area with its seven rural hospitals. This program uses the existing hospitals’ infrastructure, and will cost USD 30,000 to develop. It will initially focus on fetal monitoring and on sharing records amongst hospitals, which will allow doctors to assist patients at different locations in remote areas. 

Read the full article here.

Friday, August 10, 2007 1:26:12 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, August 09, 2007

On 30 July 2007 in Berlin and 27 June 2007 in Tokyo, the Federal Ministry of Economics and Technology of Germany, the Ministry of Internal Affairs and Communications of Japan and the Ministry of Economy, Trade and Industry of Japan signed a Joint Statement expressing the following:

"Information and Communications Technologies (ICT), including the Internet, are key enablers in the development of the economies in both Germany and Japan. Spam poses a potential threat to this economic development. It must be made clear that spam has no legitimate role in the German or Japanese e-economy.

The Federal Ministry of Economics and Technology of Germany, the Ministry of Internal Affairs and Communications of Japan and the Ministry of Economy, Trade and Industry of Japan see mutual benefit in strengthening friendship and cooperation between their two countries through cooperation concerning anti-spam policies and strategies. The aim is to support international cooperation in and among a variety of organizations such as the Organization for Economic Cooperation and Development, the International Telecommunication Union, the United Nations Conference on Trade and Development, the Internet Engineering Task Force, the International Consumer Protection and Enforcement Network, and the Asia-Europe Meeting.

Under this Joint Statement, cooperation in matters of mutual interest will be able to take place through the exchange of ideas, information, personnel, skills and experience and collaborative activities that will be of benefit to both sides. Because spam has implications for many groups of stakeholders, every effort will be made to ensure that all interested parties, both public and private, are consulted as appropriate. Particular areas of cooperation will include:

a) Exchanging information about anti-spam activities such as anti-spam policies and strategies, as well as technical and educational solutions to spam;

b) Encouraging the adoption of effective anti-spam technologies and network management practices by German and Japanese Internet Service Providers and major business network managers, and further cooperation between government and private sectors;

c) Supporting German and Japanese marketers or bulk email senders in adopting spam-free marketing techniques;

d) Identifying and promoting user practices and behaviours which can effectively control and limit spam and supporting the development of multi-stakeholder public information and awareness campaigns to foster increased adoption of anti-spam practices and behaviours by end users in Germany and Japan;

e) Cooperating to strengthen anti-spam initiatives being considered in international fora."

To access the Joint Statement in different languages, click here.

Thursday, August 09, 2007 11:29:58 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, August 03, 2007

SRI and Georgia Tech have been working on a new tool, BotHunter, that aims to quickly locate bot traffic inside a network. "BotHunter introduces a new kind of passive network perimeter monitoring scheme, designed to recognize the intrusion and coordination dialog that occurs during a successful malware infection. It employs a novel dialog-based correlation engine, which recognizes the communication patterns of malware-infected computers within the network perimeter.  A government/military version of this software has been in use successfully for about a month, and a public version has recently been released. A highly interactive honeynet using BotHunter is also run by SRI. Dozens of new infections are detected each day, and the site proves to be very helpful in understanding the behavior of the received malware. It generates a list of potentially evil IP addresses and DNS queries as well."

For more information on this new software, visit the BotHunter site.

Friday, August 03, 2007 11:29:24 AM (W. Europe Standard Time, UTC+01:00)  #     | 

An Informational draft RFC by John Curran was recently published, outlining an IPv4 to IPv6 transition plan. The paper provides a clear guidance to organizations regarding specific expectations that change over time, and vary greatly by organization. A timeline of the different phases was set with the intention of allowing enough time for the necessary planning and deployment steps which each organization must undertake. The author proposes the transition to predominantly IPv6-connectivity by Januaray 2011 in response to meeting the overall requirements of allowing the Internet to scale as specified in "The Recommendation for the IP Next Generation Protocol" [RFC1752].

On the contrary, Randy Bush provides a very informative presentation, IPv6 Transition & Operational Reality, regarding the reality of such a transition. The presentation discusses the different myths about IPv4 and IPv6, the emergence of a market for IPv4 addresses, and the transition from allocation to entitlement among others.

For more background data and interesting comments from Geoff Huston, read his IPv4 Address Report or his ISP column articles on The End of (IPv4) World, and Transition to IPv6.

Friday, August 03, 2007 10:53:05 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, August 01, 2007
The UNESCO Office in Bangkok launched an interactive online forum targeted to educators, teachers, administrators, policy makers and others to foster discussions on topics relating to the use of information and communication technologies in education.
 
For more information, see ICT-in-Education online community.
 
Wednesday, August 01, 2007 12:03:12 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, July 31, 2007

To aid in choosing a good DNSBL, Swa Frantzen proposes at the SANS Internet Storm Center several tips and tricks in gauging which blacklists are effective. Presented as well are several criteria that must be considered by the blacklist administrators. Among the criteria they suggest are:

  • Speed of reaction
  • Selection criteria
  • Goal of the blacklist
  • Ease of getting unlisted
  • Working Email contact to get unlisted
  • Out of band contact details
  • Blocking for the right reasons
  • Duration of a block
  • Automatic delisting
  • Granularity of the block
  • Security of the blacklist provider
  • Extortion
  • Warning to those getting listed

To read the full article, click here.

Tuesday, July 31, 2007 3:57:21 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Saturday, July 28, 2007

In order to ensure transparent procurement at reduced costs in Chinese hospitals, the China Medical Equipment Association (CMEA) under the auspice of the Ministry of Health will draw up a recommended list of medical equipment to be used for purchasing decisions. The list will be based on an open and fair assessment of medical equipment considering the needs of the partners involved (including the government, hospitals and manufacturers), according to CMEA. Purchases should be made by the Ministry's International Communication and Cooperation Center.

Furthermore, China earmarked 1.2 bln yuan (about 157.9 million USD) to purchase medical equipment for hospitals in the country's poor rural areas through government procurement and public bidding. As mentioned by an official of the Ministry of Health, the list of new equipment would include electro-cardiographs, ultrasound scanners, operation beds and respiratory mechanics.

For more information, see Xinhua News Agency and here.

Saturday, July 28, 2007 11:35:43 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, July 27, 2007

A report released Monday by Government Accountability Office (GAO), a congressional research and investigation agency, reveals that cybercrime (computer crime, identity theft and phishing) costs the U.S. economy US$117.5 billion a year.

"These projected losses are based on direct and indirect costs that may include actual money stolen, estimated cost of intellectual property stolen, and recovery cost of repairing or replacing damaged networks and equipment," says the report, released through the offices of Reps. Bennie G. Thompson (D-Miss.), chairman of the committee on Homeland Security, and James R. Langevin (D-R.I.), chairman of the subcommittee on Emerging Threats, Cybersecurity, Science and Technology. However, according to the lead author of the report, GAO Director of IT Management Issues David A. Powner, the staggering losses pegged to cybercrime may even be worse than estimated. "Whatever is reported by organizations, most of that will likely be underreported because of disincentives to report losses," he says.

The GAO report also acknowledges that certain personnel policies at federal law enforcement agencies may be hurting the fight against cybercrime. "[S]taff rotation policies at key law enforcement agencies may hinder the agencies' abilities to retain analytical and technical capabilities supporting law enforcement," the report observes. "In order to address the challenge of ensuring adequate law enforcement analytical and technical capabilities," it continues, "we are recommending that the Attorney General and the Secretary of Homeland Security reassess and modify, as appropriate, current rotation policies to retain key expertise necessary to investigate and prosecute cybercrime."

Read the full article at E-Commerce Times.

Friday, July 27, 2007 2:17:02 PM (W. Europe Standard Time, UTC+01:00)  #     | 

Secure Science Corporation, in their GPCode Evolution Report, describes the more obscure, previously undocumented traits belonging to the most recent Ransom-based Trojan (known as Glamour). "The code is a modified version of the Prg/Ntos family which was detailed in depth during their Encrypted Malware Analysis in November 2006. While a majority of the functionality has not changed since then, this recent variant is distinctive enough to warrant additional research. In particular, the trojan is now equipped with the ability to encrypt a victim's files on disk. The motive for adding this feature is clearly monetary, as the victim is advised that the files will remain encrypted unless $300 is turned over to the authors, in exchange for a decryption utility." According to their report, in the past 8 months, 152,000 victims have been infected, and over 14.5 million records were discovered to be logged by the trojan.

Read more about this report on the Secure Science Blog. Access the GPCode Evolution Report here. Secure Science Corporation has also provided the source code for the decrytor and is available here.

Friday, July 27, 2007 1:08:04 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, July 25, 2007

More and more citizens in Singapore are using government services online, of which 98% can be accessed on a 24/7 hour basis. Such e-government services include, inter alia, online business licensing services that allow entrepreneurs to register their business online, which would result in significant company savings.

To protect Singapore's critical infrastructure from cyber attacks the government established a national cyber threat monitoring scheme in March 2007. International collaboration through computer emergency response teams (CERTS) represents another approach of combating the threats from cyberspace. Through both a public education campaign on cybersecurity and a legal environment dealing with computer misuse, spam, electronic transactions, etc. Singapore aims to increase confidence in using its e-government services.

To read the full article "S'pore: E-govt success lures cyber terrorists" by L. Tann, ZDNet Asia, click here.

Wednesday, July 25, 2007 3:48:03 PM (W. Europe Standard Time, UTC+01:00)  #     | 

Sophos recently released its global statistics naming the top 12 spam-relaying countries for the period between April to June 2007. The US and China tops the list, while Europe, on the other hand, houses six of the top 12 countries mentioned in the statistics, which when combined, account for even more spam-relaying than the U.S. The statistics reveal as well that the overall global volume of spam rose by 9% during the second quarter, when compared to the same period in 2006.

"'While the US remains top spam dog, the latest chart emphasises the urgent need for joined-up global action to combat this growing problem,' said Carole Theriault, senior security consultant at Sophos. 'For every spam campaign, the spammers, the compromised computers used, and the people being deluged by the unsolicited mail are often located in totally different parts of the world. A consolidated effort is needed not only to pursue and prosecute spammers, but also to convince computer users everywhere of the importance of blocking rather than responding to spam messages. Everyone has a part to play if we are to win the global battle against spam.'"

Statistics on spam relayed by continent, however, show Asia as the top spam-relaying continent with the number of Asian nations relaying smaller amounts of spam. Europe, which topped the chart in the first quarter of 2007, has reduced its percentage by 6.6 percent and fallen to second place. Asia, North America, South America and Africa have all seen rises in spam-relaying activity.

Read the full article here.

Wednesday, July 25, 2007 9:08:27 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, July 24, 2007

A growing, sophisticated technique of propagating cyber-crime, dubbed as fast-flux service networks, has increasingly been elevating the threats we face today on the Internet. "Fast-flux service networks are a network of compromised computer systems with public DNS records that are constantly changing, in some cases every few minutes. These constantly changing architectures make it much more difficult to track down criminal activities and shut down their operations." Despite the awareness of researchers and ISPs of fast-flux for over a year now, all of the current researches on fast-flux is new.

According to the Honeynet Project & Research Alliance, criminal organizations behind two infamous malware families, Warezov/Stration and Storm, have recently adopted this so-called fast-flux service networks into their infrastructures. "The purpose of this technique is to render the IP-based block list, a popular tool for identifying malicious systems, useless for preventing attacks," says Adam O'Donnell, director of emerging technologies at security vendor Cloudmark.

To fight against fast-flux, "ISPs and users should probe suspicious nodes and use intrusion detection systems; block TCP port 80 and UDP port 53; block access to mother ship and other controller machines when detected; 'blackhole' DNS and BGP route-injection; and monitor DNS."

Access the full article at the Dark Reading website.

Read more about fast flux service networks on the the Honeynet Project & Research Alliance's new report on the emerging networks and techniques.

Tuesday, July 24, 2007 9:06:38 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, July 23, 2007

The Africa Health Infoway is a World Health Organization (WHO) project supported by the Department for International Development (DfiD) that aims to provide a technology platform that supports the collection of sub national health data and statistics for analysis, dissemination and use to facilitate decision making in health, and strengthen capacity of African countries to use information in decision making. It is a district-based public health information network for African health which focuses on infostructure and connectivity, district health information systems, and knowledge translation into policy and action.

For more information on the Africa Health Infoway, click here.


Monday, July 23, 2007 3:31:25 PM (W. Europe Standard Time, UTC+01:00)  #     | 

The OECD's Ministerial meeting on the Future of the Internet Economy has been opened to an Online Public Consultation, providing an opportunity for all stakeholders to comment on the topics and issues to be discussed at event. The public consultation is scheduled to be open until 14 September 2007, and stakeholders and players may share their views and opinions with the OECD through their Online Questionnaire.

"The Ministerial represents an opportunity for high-level stakeholders from government, business, the technical community, and civil society to consider broad social, economic and technical trends shaping the development of the Internet Economy, and to discuss policies that can respond to evolving societal needs. The participation of all players in the dialogue is important to ensure that the Ministerial is able to benefit from a wide range of viewpoints and expertise."

For more information on the public consultation, go here or visit the OECD website.

Monday, July 23, 2007 10:01:31 AM (W. Europe Standard Time, UTC+01:00)  #     | 

KPMG, a global network of professional firms providing audit, tax, and advisory services, released a report on Cross-Border Investigations: Effectively Meeting the Challenge.

KPMG, along with the research firm Penn, Schoen and Berland Associates Inc. approached multinational businesses in diverse industries around the world, and asked those charged with the responsibility for cross-border investigations within those companies how they responded to their current challenges. As the trade barriers fall and international commerce expands, and as the speed of conducting business and remitting funds increases, companies that conduct business across international boundaries are recognizing the corresponding increase in the risk of fraud and misconduct. They thus face several challenges such as taking the appropriate first steps, cultural and legal differences, investigation resources, and the availability and accessibility of electronic data.

The report proposes that an effective approach can lower the risk of the occurrence of fraud or misconduct, thus lowering the possibility of being hit with serious sanctions, can demonstrate to regulators, shareholders, stakeholders, bond-ratings agencies, and the capital markets that the business takes accountability and control seriously, thereby mitigating damage to reputations, can exhibit the business's commitment to overall corporate governance activities, and can assist in a rapid and efficient response before issues spiral beyond control.

This report aims to provide insights into possible responses to the described challenges. It points out as well that an effective cross-border investigations plan demonstrates not only an organization's sound risk management practices, but also its overall commitment to good corporate governance.

Read the full report here.

Monday, July 23, 2007 9:14:02 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, July 20, 2007

The OECD Committee for Information, Computer and Communications Policy (ICCP), through its Working Party on Information Security and Privacy (WPISP) has developed the Recommendation on Electronic Authentication and the Guidance for Electronic Authentication. The project was made possible with the participation of Jane Hamilton from Industry Canada and with the support of delegates from Australia, France, Hungary, Korea, Norway, the United States, the OECD Secretariat and the Business and Industry Advisory Committee (BIAC) to the OECD. On 12 June 2007, the OECD Council adopted the Recommendation, and the Guidance for Electronic Authentication, was adopted by the ICCP Committee in April and declassified on 12 June 2007 by the OECD Council.

The Recommendation encourages efforts by OECD member countries to establish compatible, technology-neutral approaches for effective domestic and cross-border electronic authentication of persons and entities. It also reaffirms the important role of electronic authentication in fostering trust online and the continued development of the digital economy.

The OECD Guidance on Electronic Authentication aims to assist OECD member countries and non-member economies in establishing or amend their approaches to electronic authentication with a view to facilitate cross-border authentication. The Guidance sets out the context and importance of electronic authentication for electronic commerce, electronic government and many other social interactions. It provides a number of foundation and operational principles that constitute a common denominator for cross-jurisdictional interoperability.

Both the Recommendation and the Guidance conclude a work stream initiated in response to the "Declaration on Authentication for Electronic Commerce" adopted by Ministers at the Ottawa Ministerial Conference held on 7-9 October 1998 and serve as a bridge to future OECD work on identity management.

The ITU Telecommunication Standardization Sector with its Focus Group on Identity Management (FG IdM) works to facilitate the development of a generic Identity Management framework, by fostering participation of all telecommunications and ICT experts on Identity Management. To read more about the ITU-T FG IdM activities, go here.

Read the full article on the OECD Recommendation on Electronic Authentication and the Guidance for Electronic Authentication here.

Friday, July 20, 2007 9:58:44 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, July 19, 2007

The Internet Society of New Zealand (InternetNZ) released the ISP Spam Code of Practice in May 2007 for public consultation, and it had been open to comments until 18 June 2007. The Code was developed by the InternetNZ / Telecommunication Carriers' Forum (TCF) / The Marketing Association (MA) Working Party which has representation from a cross section of service providers and other interested parties.

The ISP Spam Code of Practice was created in keeping with the requirements of the Unsolicited Electronic Messages Act 2007 of the New Zealand government. It had also been developed with regard to the MA’s Code of Practice for Direct Marketing and the TCF’s SMS Anti-Spam Code, which both deal with Spam related issues, as well as to the TCF’s Customer Complaints Code.

Both consumers and service providers are expected to benefit from the adoption of this Code. The Code aims to establish practices that will lead to the minimization of Spam in New Zealand. It also aims to provide information to end users about both preventative and curative steps against Spam. Anticipated benefits to the service providers include the generation of higher levels of customer satisfaction and improved operational efficiency due to the reduced volumes of spam.

Public submissions on the Code can be found here.

Visit the Internet Society of New Zealand website for further details.

Thursday, July 19, 2007 10:43:58 AM (W. Europe Standard Time, UTC+01:00)  #     | 

With the rise of innovative use of information and communication technologies (ICTs), the United Nations Conference on Trade and Development (UNCTAD) cites the "challenges and threats" that go with ICT development and gives emphasis on the importance of information security and risk management in chapter 5 of its Information Economy Report (IER) 2005.

The chapter elaborately presents an appreciation of the following policy points:

  • Information Security (IS) needs to be conducted from a Risk Management process perspective; managing IS from a technological, problem-response, reactive perspective is sub-optimal for firms and public institutions.
  • Information Security threats mainly come in the form of "social engineering", thus purely technology based defenses are misguided - i.e. they are the Maginot Line of cybersecurity.
  • Information Security threats regularly and easily transcend national boundaries, and thus the need for international cooperation and coordination, both at a technical and a policy level, is unambiguous.
  • Information Security policy should be a component of the national e-policy and should be appropriately incentivized to adopt a Risk Management framework through regulation.

An overview of international policy discussions on information security concludes this chapter together with a discussion of policy recommendations for Governments and some insights to future developments and relevance for intergovernmental processes and the international community.

Read the full chapter of the IER 2005 here.

Thursday, July 19, 2007 9:32:03 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, July 18, 2007

CRITIS'07 together with IFIP WG 11.10 on Critical Infrastructures Protection, IEEE Computer Society Task Force on Information Assurance, and Joint Research Center Ispra of the European Commission will be holding the 2nd International Workshop on Critical Information Infrastructures Security on October 3-5, 2007 at Benalmadena-Costa (Malaga), Spain. This event aims to bring together researchers and professionals from universities, private companies and Public Administrations interested or involved in all security-related heterogeneous aspects of Critical Information Infrastructures.

Speakers that will grace the event include Jacques Bus of the European Commission, INFSO Unit "Security", Adrian Gheorghe of Old Dominion University, US, and Paulo Veríssimo of Universidade de Lisboa, Portugal. A panel discussion on Resilient Critical Information Infrastructures: a myth or a realistic target? will be held as well.

Visit the CRITIS'07 site for more information.

Wednesday, July 18, 2007 3:21:34 PM (W. Europe Standard Time, UTC+01:00)  #     | 

The new manual on Prosecuting Computer Crimes has been relesed by the Computer Crime & Intellectual Property Section of the United States Department of Justice in March 2007. This 53-page document discusses different cyber crimes and the corresponding penalties that are seen befit for the offenses. Definitions, background information as well as related statutes can also be found in the manual. Offenses discussed include obtaining national security information, compromising confidentiality, trespassing in a government computer, accessing to defraud and obtain value, damaging a computer or information, trafficking in passwords, and threatening to damage a computer. A legislative history on this subject has also been made available.

Wednesday, July 18, 2007 10:27:19 AM (W. Europe Standard Time, UTC+01:00)  #     | 

"When you've got a full-blown security breach on your hands, what do you do? If you've been smart, you'll already have a computer security incident response team -- and a plan -- in place. But many companies are too resource-strapped to have a full-blown, fully-tested incident response strategy." DarkReading proposes six steps on what to do when your security is breached.

1. Assemble an incident response team.

Experts believe that a computer security incident response team (CSIRT) must already be set up even before an event occurs. If a team is not yet in place, the company must create one quickly, and make sure all the stakeholders are there.

2. Assess the initial damage and the risk for more.

"According to BackGrounD Software, a Canadian forensics firm that does security breach damage assessment, the costs of a breach should include not only the technical costs associated with finding and fixing the breach, but also loss of productivity and loss of business. You'll need a plan that not only outlines your strategy for recovering your systems, but that includes steps for recovering customers."

3. Develop a notification plan.

An important decision to be made is who to notify when. Law enforcement, for instance, are contacted first when there is a potential crime involved. Other parties to be notified are customers that might have been affected by the incident and consultants, such as security experts or a computer forensics firm, who must be called in as early as possible.

4. Begin remediating the problem.

It is very important to fully understand the problem and its potential impact before any remediation is done. Otherwise, evidences might be damaged or the problem might aggravate. BackGrounD Software suggests, "disconnect your server(s) from the network, and if there is a potentially malicious code running, disconnect media devices as quickly as possible (i.e. disks, SAN, NAS). You never know how far the intruder has managed to get, so the faster you disconnect the equipment, the more of a chance you have to save your data." The next steps in remediating the problem then depend on the resources and skills available within the team or the company.

5. Document everything.

Experts also stress the importance of documentation as it is often overlooked. Documentation aids in recovering the affected system and in strategizing against future incidents.

6. Develop a strategy for stopping the next attack.

As DarkReading puts it, "if one attacker finds a vulnerability, there's a good chance that he may have accomplices -- or that another attacker might find the same vulnerability." Thus, it is necessary to develop a strategy to block possible holes still existing in the system.

To read the full article, access it here.

Wednesday, July 18, 2007 9:13:22 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, July 17, 2007

Gangs of hackers, who are presumed to be based in Eastern Europe, initiated various website assaults now known as "The Italian job." More than 10,000 web pages of popular web sites have been penetrated and infected by this attack, and it is believed to have started in the middle of last month. Most of the infected sites are Italian websites, but the expanse of the attacks has reached Spain and the US as well.

A "tool kit" worth $815 which is sold online in Russia was used by the hackers to embed "keylogger" codes on the computers of those who visited the sites. These codes enable the hackers to access the infected machines and track valuable user information such as bank details and passwords. The gravity of this attack has been evidently tremendous as it was aimed at established websites to steal banking identities.

David Perry, director of Trend Micro, says: "This is a paradigm shift. We can expect to see this kind of thing being replicated now for the next five or six months." He explained that the Italian job has become very effective because the bug has been particularly programmed to adapt to various types of weaknesses in computer security systems. "It looks for a wide spectrum of vulnerabilities in a computer, acting like a sort of Swiss Army knife with many different ways to pierce through the protection."

Access the full article at theage.com.au.

Tuesday, July 17, 2007 3:55:02 PM (W. Europe Standard Time, UTC+01:00)  #     | 

Symantec recently reported that it has detected phishing sites hosted on government servers. In the last month, it has found phony sites hosted on government servers in Thailand, Indonesia, Hungary, Bangladesh, Argentina, Sri Lanka, Ukraine, China, Brazil, Bosnia-Herzegovina, Columbia and Malaysia. This new disturbing trend compromises the credibilty of government-hosted sites and jeopardizes the security within government online transactions.

Basically, these phishing sites managed by data thieves are used to mimic authentic business or government sites in order to gather valuable information from users such as credit card details or account passwords. These information are in demand in the underground market, and these could easily result to identity theft or account fraud.

Government servers that are involved in low-risk jobs are often the target of this sort of scams. However, despite these servers being relatively low-risk, this still poses a problem. "Under the Federal Information Security Management Act, information technology security in the federal government is based on a philosophy of risk management. It does not aim for absolute security — which is impossible anyway — but for the proper level of security. Administrators do a risk-based assessment of their IT systems, prioritizing them by their vulnerabilities, their role in the agency’s mission and the criticality of that mission." Nonetheless, the impact and dangers of these phishing sites that are faced by the citizens should very well be considered in the process of risk-assessment as well.

Read the full article here.

Tuesday, July 17, 2007 2:46:50 PM (W. Europe Standard Time, UTC+01:00)  #     |