International Telecommunication Union (ITU)
 Wednesday, November 14, 2007

The Background Information on ITU Botnet Mitigation Toolkit is now available online and may be accessed on the ITU ICT Applications and Cybersecurity (CYB) Division's Botnet page. A PowerPoint presentation of the Project Overview is also available. For more relevant information, visit the CYB website.

Wednesday, November 14, 2007 4:17:51 PM (W. Europe Standard Time, UTC+01:00)

The UN International Strategy for Disaster Reduction (ISDR) on 15 November 2007 is launching PreventionWeb.net, a new website for increasing knowledge-sharing on natural disaster risk reduction issues. The website will feature news reports, publications, fact sheets, examples of best practices and country reports targeted to both the general public and specialists. Users can also search for information related to disaster risk reduction such as early warning, climate change, health, education, etc.

For more information, please click here.

Wednesday, November 14, 2007 2:53:11 PM (W. Europe Standard Time, UTC+01:00)
 Tuesday, November 13, 2007

The U.S. Center for Information Technology Leadership (CITL) conducted a study on The Value of Provider-to-Provider Telehealth Technologies. Assuming some specific healthcare settings such as emergency departments, correctional institutions, nursing homes and physician offices, the cost-benefit analysis focused on three technology systems: store-and-forward, real-time video, and a hybrid model combining the first two.

The CITL study found that benefits outweighed costs for all three systems, but the research organization recommends the hybrid model as the most cost-effective one for the U.S. The report is available at citl.org.

Tuesday, November 13, 2007 5:04:34 PM (W. Europe Standard Time, UTC+01:00)

John Kenneth Schiefer, a 26-year-old computer security consultant from Los Angeles, has admitted to hacking into computers entrusted to him to create a botnet of as many as 250,000 PCs, which he used to steal money and identities from unsuspecting consumers and corporations. "Schiefer agreed to plead guilty to four felony charges in connection with the case and faces up to 60 years in prison and a $1.75-million fine, according to court documents filed Friday in federal court in Los Angeles." According to Assistant U.S. Atty. Mark Krause in Los Angeles, Schiefer is the first person to be accused under federal wiretapping law of operating a botnet.

Schiefer stole user names and passwords for EBay Inc.'s PayPal online payment service to make unauthorized purchases and passed the stolen account information on to others. According to the plea agreement, a conspirator named "Adam", who is allegedly a minor, was involved in Schiefer's scam. Schiefer and his accomplices were reported to have planted illicit software on people's PCs to spirit account information from a storage area in Windows-based computers. A Dutch Internet advertising company also hired his services to install its programs on people's computers when they consented, but he installed it on more than 150,000 PCs without permission, earning more than $19,000 in commissions.

The federal investigation began in 2005, and the indictment includes "four counts of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud." Schiefer's initial appearance in Los Angeles will be on Nov. 28 and his arraignment on Dec. 3. There was a similar case in May 2006 involving a Downey man, Jeanson James Ancheta, who was sentenced to almost five years in federal prison after pleading guilty to four felony charges for using botnets to spread spyware and send spam.

To read the full article, visit the Los Angeles Times.
A related article is also available here.

Tuesday, November 13, 2007 2:22:48 PM (W. Europe Standard Time, UTC+01:00)
 Monday, November 12, 2007

Microsoft releases the Asia Pacific Legislative Analysis: Current and Pending Online Safety and Cybercrime Laws, a study providing a high-level snapshot of the status of computer security, privacy, spam and online child safety legislation in the Asia Pacific region. Detailed analyses of these laws specific to Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, The Philippines, Singapore, South Korea, Taiwan, Thailand and Vietnam are also provided in this paper. For more information regarding this document, contact Julie Inman Grant, Regional Director, Corporate Affairs of Internet Safety and Security at Microsoft Asia Pacific. More Cybersecurity Legislation and Enforcement related resources are available at the CYB website.

Monday, November 12, 2007 9:57:14 AM (W. Europe Standard Time, UTC+01:00)
 Friday, November 09, 2007

The International Telecommunication Union (ITU) organizes the first conference in the ITU Arab region on "Sharing experience on best practices in ICT services for persons with disabilities", in cooperation with the Regional Office for the Eastern Mediterranean of the World Health Organization (WHO/EMRO). The conference will take place in Cairo (Egypt) on 13 - 15 November 2007 under the auspices of the Ministry of ICT of the Government of Egypt and H. E. the Minister Dr. Tarek Kamel.

The conference is open to administrations, policy makers, regulators, and all industries involved in the development of dedicated information and communication technologies (ICTs) for persons with disabilities in addition to physicians and doctors from the public health sector. The main objective of the conference is to raise awareness on the importance of accessibility to all, including persons with disabilities, to ICTs.

For more information, please click here.

Friday, November 09, 2007 10:18:41 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, November 08, 2007

Baltimoresun.com reports on Bush's announcement of a plan to prevent cyberspace attacks on U.S. interests. A $154 million budget was requested as preliminary funding for the initiative, which current and former government officials say is expected to become a seven-year, multibillion-dollar program to track threats in cyberspace on both government and private networks. Lawmakers who recently received briefings on the initiative, however, continue to have many questions, and some remain concerned about the legality of the program and whether it provides sufficient privacy protections. According to a former government official familiar with the proposal, the total start-up costs of the program are about $400 million. "The proposal 'will enhance the security of the Government's civilian cyber networks and will further address emerging threats,' Bush wrote to Congress as part of his request for additional money for cyber security and other counterterrorism measures. The initiative would first develop a comprehensive cyber security program for the government and then do the same for private networks, the former government official said."

Read the full article here.

Thursday, November 08, 2007 11:29:37 AM (W. Europe Standard Time, UTC+01:00)

Email Submission Operations: Access and Accountability Requirements by Carl Hutzler, Dave Crocker, Pete Resnick, Eric Allman, and Tony Finch has recently been released as Best Current Practice (BCP) 134. This document provides recommendations for constructive operational policies between independent operators of email submission and transmission services to mitigate the propagation of spam and worms. Its goal is to improve lines of accountability for controlling abusive uses of the Internet mail service. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. For more information, click here.

Thursday, November 08, 2007 9:41:50 AM (W. Europe Standard Time, UTC+01:00)
 Tuesday, November 06, 2007

According to the Government Accountability Office (GAO), the government's infrastructure sectors' plans lack protection against cyberattacks and disaster, pointing out that none of the sectors included all 30 cybersecurity criteria, such as key vulnerabilities and measures to reduce them. Among the 17 sectors of the government, information technology and communications had the strongest cybersecurity plans, and the agriculture, food and commercial sectors were the least comprehensive, according to David Powner, director of GAO's information technology management issues.

The Homeland Security Department provided a national plan last year for the sectors as a guide for their individual plans. Greg Garcia, DHS’ assistant secretary for cybersecurity and communications, said that DHS acknowledged the shortcomings based on GAO's findings, but he explained that these sector plans, released in May, represent only early efforts. Garcia further added that "sectors are not meant to be uniformly comprehensive in their cybersecurity efforts, and they must balance cybersecurity risk against other risk management efforts and unique aspects of their infrastructure 'based on its dependence on cyber elements.'" GAO recommended that DHS fully address the cybersecurity criteria by September 2008.

Read full article here.

Tuesday, November 06, 2007 4:32:43 PM (W. Europe Standard Time, UTC+01:00)

Roger A. Grimes of InfoWorld interviewed Paul Laudanski, founder and leader of CastleCops, a volunteer organization dedicated to fighting malware, spam, and phishing. Paul talked about the effects of DDoS and provided pointers on how to mitigate and ride out an attack. He said that the primary thing to be decided when under attack is whether the company wants to stay in business during the attack or not. If so, all the attack traffic needs to be absorbed along with the legitimate traffic, meaning the broadband connection, routers, firewall, Web servers, and back-end databases have to be able to deal with the attack. He also suggested knowing ahead of time how the company's ISP handles DDoS events. They further discussed how to possibly pursue criminal charges after the attacks. "To be honest, being able to locate and prosecute the DDoS attacker is a long shot. The lack of cohesive communications between all the parties that need to be involved in an investigation, the legal implications of the global nature of the assault, and the growing sophistication of bot nets all fight against a successful prosecution. But as Paul and CastleCops can tell you, it can be done."

Read the full article on InfoWorld.

Tuesday, November 06, 2007 10:17:27 AM (W. Europe Standard Time, UTC+01:00)
 Monday, November 05, 2007

"Buses equipped with wi-fi are being used to deliver web content to remote rural villages in the developing world. In rural India and parts of Rwanda, Cambodia and Paraguay, the vehicles offer web content to computers with no internet connection." United Villages is an initiative that provides communities in Asia, Africa, and Latin America with digital access to locally-relevant products and services using a low-cost, store-and-forward "drive-by WiFi" technology. Mobile Access Points (MAPs) are installed on existing vehicles (e.g. buses and motorcycles) and automatically provide access for WiFi-enabled Kiosks along the roads. Whenever a MAP is within range of a real-time wireless Internet connection, it transfers the data from and for those Kiosks. The United Villages project also allows users to request specific information or content for a few additional rupees. The wi-fi vehicles also deliver and collect e-mails, and bring e-Commerce to the villagers.

Read the full article on BBC News.
More on United Villages on their website.

Monday, November 05, 2007 4:33:37 PM (W. Europe Standard Time, UTC+01:00)

The article, Myth of privacy busted; Web advertisers scan e-mails, by Louise Story, published in the International Herald Tribune, reports on online advertisers intruding on privacy for marketing purposes. "At a meeting of the U.S. Federal Trade Commission about online privacy Thursday, the regulator's commissioner, Jon Leibowitz, said the agency would be exerting a tighter grip over online advertising. Leibowitz said that rules about the privacy policies of sites may need to be established... But some people from the online industry said the FTC should stay out." According to Randall Rothenberg, president and chief executive of the Interactive Advertising Bureau, if the FTC regulates online advertising, this could limit the recent "extraordinary pattern of innovation."

Eight years after the FTC's public workshop on the use of consumer data in online ads, many of the hypothetical scenarios described back then are now a widespread reality. However, many executives in the advertising industry do not see anything wrong with online targeting, arguing that the practice benefits consumers, who see more relevant ads. They add that for consumers, providing some innocuous personal data is a small trade-off for free access to the rich content of the Internet, much of which is ad-supported. Even so, growing concern, even among online companies, about what information is being used to deliver ads to people is quite evident.

"The market is getting edgier and edgier, and what is accepted in the marketplace gets dodgier and dodgier," said Martin Abrams, the executive director of the Center for Information Policy Leadership. "We have really moved to a world where we say consumers need to police the market, and, increasingly, it is a harder world to police."

Read the full article here.

Monday, November 05, 2007 12:37:03 PM (W. Europe Standard Time, UTC+01:00)

After the infamous Estonian cyberattack early this year, CyTRAP Labs proposes the 7 lessons learnt from the attacks, and points out how Estonia responded accordingly to these issues. Among the lessons and issues pointed out were:

  1. Critical incident response matters, which suggests the need to have a systematic and clearly understood procedure in place that allows a quick identification of what a critical incident response is and what kind of responses must be invoked rapidly (i.e. automatisms) to have a chance to defend against an emerging threat. Estonian responders first focused on the targets rather than sources. Filtering technology was used to throttle back on traffic aimed at target systems, which, at its peak, reached between 100 and 1,000 times the normal amount of traffic.
  2. The need for the team to make critical decisions fast. In Estonia, it was decided to protect certain systems. Once those were identified, all connections to those systems from outside the country were blocked. In addition, efforts were undertaken to lure attackers away from critical systems to less critical ones.
  3. Critical infrastructure can mean something different. For Estonia, where much business is being done on the net, critical infrastructure meant financial and communication services by private business were under attack and these are critical to the country’s well-functioning economy. Soon after 27 April 2007, people were unable to buy such essentials as gas and groceries using their payment cards. This is in contrast to what we usually accept as being critical infrastructure, namely electricity and transportation networks.
  4. No new attack techniques emerged. The level of traffic was not surprising and the mitigation tactics used were tried and true. But what will happen if the attackers are using fast-flux networks or DNS amplification attacks?
  5. Coordination is vital. All the above can be further complicated if the defense has to be coordinated in real time with several hundred or thousands of ISPs. As Estonia’s experience illustrates, coordination and cooperation with a centralized incident response is critical to achieve success. This was the case with CERT-EE working closely with private ISPs and banks, etc. Unfortunately, in many countries such a centralized approach will be difficult to achieve unless the right things are put in place now.
  6. Trusted social networks as the key to coordinate a successful response. Even CERT-EE needed help and support from others, and social networks came in handy. How else can one convince an ISP in another country to take off a server that is part of a fast-flux network? Developing trust takes time and effort while both parties have to give. A certain degree of sharing or disclosure may result in further growth of trust needed to defend better next time.
  7. Post mortem analysis - learning to improve. Without analyzing past events learning cannot occur. The challenge with the Estonian example is that other countries must learn from the Estonian experience. This type of international collaboration must be improved beyond government CERTs. Hence, without getting the major ISPs and financial institutions involved in other countries, post mortem analysis might not help us much in preparing for the next attack of this kind or worse.

This list was made in reference to the presentation of Hillar Aarelaid, eSStonia - the case of the Estonian DDoS attacks, given at the GovCERT.NL IT Security Symposium, Response & Responsibility, in Noordwijk, Netherlands.

Read the full article here.

Monday, November 05, 2007 11:27:54 AM (W. Europe Standard Time, UTC+01:00)

The House of Lords Science and Technology Committee recently stated that the UK government has failed to understand the threat to the continued growth of the internet posed by cybercrime, as is evident in the government's response to the committee's report on personal internet security, published on 10 August. The Lords' report had warned of the danger that public confidence in the internet would be lost, due to "perception that the internet is a lawless 'Wild West'." In its reply, presented to Parliament on 24 October, the government rejected this as well as the recommendation that there should be a data-breach notification law to provide businesses with incentives to take better care of customer data. According to the government, a law that forces companies to admit when they have been the victims of cybercrime does not prove to be effective, but it reassured businesses that it would consider finding "more formal ways" of reporting security breaches to the Information Commissioner's Office (ICO) "when problems arise". The government also rejected calls for software and hardware vendors to be liable for the security of their products, and for banks to guarantee e-fraud refunds.

Read the full article at ZDNet.co.uk.

Monday, November 05, 2007 10:22:34 AM (W. Europe Standard Time, UTC+01:00)
 Friday, November 02, 2007

Wiley InterScience recently launched the journal Security and Communication Networks.

A call for papers has been opened for its special issue focusing on Clinical Information Systems Security, which addresses the need for a secure and trusted computerized approach in managing personal health information, both from a demand and supply side.

The topics of interest in this special issue include, but are not limited to:

  • Authentication techniques for CIS
  • Authorization mechanisms and approaches for patient-centric data
  • Public Key Infrastructures to support diverse clinical information environments and networks
  • Cryptographic protocols for use to secure patient-centric data
  • Secure communication protocols for the communication of clinical data
  • Wireless sensor networks security
  • Body sensor networks security
  • CIS Database security
  • Interoperability across diverse CIS environments (national and multilateral)
  • Government and international regulatory and compliance requirements

For more information on submission, dates and peer review, please visit Insecure.org.

Friday, November 02, 2007 12:45:25 PM (W. Europe Standard Time, UTC+01:00)

Researchers at the U.S. Department of Energy's Pacific Northwest National Laboratory, together with other partners, demonstrated how using information and communication technologies (ICTs) and telecommunications networks could result in considerable savings in power-grid infrastructure and electricity consumption, Network World reported on 22 October.

The test network allowed consumers to select their usage preferences via a web portal. Smart controls-based devices such as virtual thermostats were interconnected with a service-oriented architecture (SOA) through middleware, using broadband internet. The so-called GridWise project showed both that the power demand at the SOA electricity marketplace could be managed more evenly and that customers were in better control of their energy consumption.

For more information on the project, please click here.

Friday, November 02, 2007 11:36:38 AM (W. Europe Standard Time, UTC+01:00)

The 2008 Workshop on the Economics of Information Security (WEIS), founded on "a strong and growing interdisciplinary tradition, bringing together information technology academics and practitioners with social scientists and business and legal scholars to better understand security and privacy threats," will be held on 25-27 June 2008 in Hanover, New Hampshire. This workshop will be hosted by the Center for Digital Strategies at Dartmouth College's Tuck School of Business, in partnership with the Institute for Information Infrastructure Protection (I3P). For more information about this event, visit the WEIS 2008 website.

Friday, November 02, 2007 9:16:02 AM (W. Europe Standard Time, UTC+01:00)
 Tuesday, October 30, 2007

A bogus email is circulating claiming to be from the Federal Trade Commission and referencing a "complaint" filed with the FTC against the email’s recipient. The email includes links and an attachment that download a virus. As with any suspicious email, the FTC warns recipients not to click on links within the email and not to open any attachments. This malicious email appears to have a phony sender’s address, "frauddep@ftc.gov", and also spoofs the return-path and reply-to fields to hide the email’s true origin. While the email includes the FTC seal, it has grammatical errors, misspellings, and incorrect syntax. Recipients should forward the email to spam@uce.gov and then delete it. Emails sent to that address are kept in the FTC’s spam database to assist with investigations.

More information on this spam report at the Federal Trade Commission website.

Tuesday, October 30, 2007 5:39:00 PM (W. Europe Standard Time, UTC+01:00)
 Monday, October 29, 2007

The United Nations International Fund for Agricultural Development (IFAD) last Friday launched a project aimed at helping farmers in Gabon diversify their incomes by developing and marketing new products from staple crops and by obtaining better access to value chains for products with significant market potential. The project aims to directly benefit 28,000 farmers, half of whom are women and a third young people.

Through training, farmer exchange visits and a new market information system, the project will also help farmers’ organizations better defend the economic interests of their members and market their goods more efficiently, according to IFAD's press release.

Monday, October 29, 2007 4:43:49 PM (W. Europe Standard Time, UTC+01:00)

The Global Fund To Fight AIDS, Tuberculosis and Malaria launched a new website, MyGlobalFund.org, to foster sharing of best practices in the fight against the three pandemics; spreading ideas and stimulating research; and encouraging partnerships.

For more information on the Global Fund, please click here.

Monday, October 29, 2007 3:07:31 PM (W. Europe Standard Time, UTC+01:00)

World War 2.0, a news video on Wired Science, presents the realities of internet warfare and how a botnet attack against Estonia might have been a manifestation of this new war technique. Botnets are so powerful, and hackers so skilled and experienced, that they can "destroy servers of a whole state." Josh Davis traced back when the attack against Estonia started and how security officials in Estonia fought back. Bill Woodcock, founder of Packet Clearing House, provides a brief explanation of how a botnet operates and how the attack against Estonia happened. Jaak Aaviksoo, Estonian Defense Minister, Ago Väärsi, technical manager at Postimees.ee, and Hillar Aarelaid, head of the Estonian CERT, were also interviewed, as well as Russian internet security expert Emin Azizov and IT director of the United Civilian Front Eugeni Grigorian. Learn more about the attack by watching the video report here.

Monday, October 29, 2007 10:24:20 AM (W. Europe Standard Time, UTC+01:00)
 Friday, October 26, 2007

John E. Dunn of Techworld reports on the Austrian Police's intention to use specially-crafted Trojans to remotely monitor criminal suspects.

"According to reports in Austrian media, the minister of justice Maria Berger, and Interior Minister Gunther Plater, have drafted a proposal that will be amended by legal experts and the cabinet with the intention of allowing police to carry out such surveillance legally with a judge’s warrant... According to Berger, Trojans would only be used in cases of serious crime, such as terrorism and organised racketeering. The Swiss authorities have declared the intention of using the same controversial technique, but only in cases of the most extreme nature, such as terrorism... The Austrian, German and Swiss governments have yet to explain how they would circumvent security programs that might be used by criminals to protect themselves, whether this would involve collusion with security software companies, and what would happen if such software-busting Trojans were subsequently reverse engineered and deployed by criminals themselves."

Read the full article on Techworld.

Friday, October 26, 2007 9:21:01 AM (W. Europe Standard Time, UTC+01:00)
 Monday, October 22, 2007

Brandon Enright, a network security analyst at University of California, San Diego, recently presented his findings at the Toorcon hacker conference in San Diego, indicating that the Storm Worm botnet is steadily shrinking. According to Enright, it is now about 10 percent of its former size. Enright has been tracking Storm since July. "He has developed software that crawls through the Storm network and he thinks that he has a pretty accurate estimate of how big Storm really is. Some estimates have put Storm at 50 million computers, a number that would give its controllers access to more processing power than the world's most powerful supercomputer." Enright asserts that the numbers are far less terrifying, though, saying that in July, Storm appeared to have infected about 1.5 million PCs, 200,000 of which were accessible at any given time. He said that "a total of about 15 million PCs have been infected by Storm in the nine months it has been around, although the vast majority of those have been cleaned up and are no longer part of the Storm network."

According to Enright, the Storm Worm botnet started to dwindle in July when antivirus vendors began stepping up their tracking of Storm variants and got a lot better at identifying and cleaning up infected computers. After Microsoft added Storm detection (Microsoft's name for Storm's components is Win32/Nuwar) to its Malicious Software Removal Tool, available with every Windows system and released on September 11, Storm infections dropped by another 20 percent overnight. Enright's most recent data counts 20,000 infected PCs available at any one time, out of a total network of about 160,000 computers.

To read the full article, click here.

Monday, October 22, 2007 2:18:55 PM (W. Europe Standard Time, UTC+01:00)

The International Herald Tribune reports on Russian hackers being one of the biggest threats to internet security.

"Internet security experts say that only the United States and China rival Russia in hacker activity. But Russia has only 28 million Internet users, according to rough estimates, compared with 210 million in the United States and 150 million in China, meaning that Russia has a higher percentage of scammers. VeriSign, the Internet services company, considers Russian hackers to be the worst, in part because they tend to have ties to organized crime outfits that embezzle money with stolen bank and credit card information... While the West has complained about Russian laws and enforcement, some Russian officials take issue with the criticism. Aleksei Likhachev, a member of Parliament, acknowledged that there had been fewer criminal cases in Russia than elsewhere, but said officials were still learning how to conduct such inquiries. 'It is just that this work is much younger and much less developed in Russia,' he said."

Read the full article, Russian hackers: On the right side of soft laws.

Monday, October 22, 2007 1:49:54 PM (W. Europe Standard Time, UTC+01:00)

After Japan's Internal Affairs and Communications Ministry signed a joint statement with the German Federal Economics and Technology Ministry in July, Japan continues to make a concerted effort to tackle the issue of spam. "The ministry has regularly exchanged opinions on the issue at multilateral meetings, such as those of the International Telecommunication Union and the Asia-Pacific Economic Cooperation Conference... France and other countries, with which Japan has established a close partnership on the issue, have gone a step ahead of Japan by introducing an 'opt-in' system, under which people are not permitted to send ad e-mails without the prior consent of the people to whom they intend to send them." Opinions concerning fines and punishment for spammers appear to be quite divided among countries, though, with some countries charging heavier fines than others.

Read the full article here.

Monday, October 22, 2007 1:02:48 PM (W. Europe Standard Time, UTC+01:00)

An article on CIO, Who's Stealing Your Passwords? Global Hackers Create a New Online Crime Economy, provides a detailed account of Don Jackson's discovery of Gozi, 76service.com and the new online crime economy. It also illustrates the evolution of online crime from trojans to sophisticated networks selling bot services. Don Jackson is a security researcher for SecureWorks, one of dozens of boutique security firms that have emerged to deal with Internet security. From an executable file, Gozi, that Jackson discovered on a friend's computer, he was led to a professionally run, business-like network, later identified as 76service.com, where he uncovered a "3.3 GB file containing more than 10,000 online credentials taken from 5,200 machines—a stash he estimated could fetch $2 million on the black market." It was also mentioned that "Lance James’ company Secure Science discovers 3 million compromised login credentials—for banks, for online email accounts, anything requiring a username and password on the Internet—and intercepts 250,000 stolen credit cards. On an average week, Secure Science monitors 30-40GB of freshly stolen data, 'and that’s just our company,' says James."

Read the full account of Don Jackson on the CIO website.

Monday, October 22, 2007 11:31:23 AM (W. Europe Standard Time, UTC+01:00)

Economist.com recently featured a report discussing innovation and how industries have become more open to and involved with it. Among these industries are the automotive and the IT industries. Larry Page, co-founder of Google, "had earlier hosted a gathering of leading environmentalists, political thinkers and energy experts to help shape an inducement to get things moving: the Automotive X Prize, expected to be unveiled in early 2008." This project urges both automotive and IT experts to develop the clean, software-rich car. "The organisers will offer at least $10m to whoever comes up with the best 'efficient, clean, affordable and sexy' car able to obtain the equivalent of 100 miles-per-gallon using alternative energy."

The article further discusses the current situation regarding Research and Development around the world, and continues to stress the importance of innovation. "Analysis done by the McKinsey Global Institute shows that competition and innovation (not information technology alone) led to the extraordinary productivity gains seen in the 1990s. 'Those innovations—in technology as well as products and business processes—boosted productivity. As productivity rose, competition intensified, bringing fresh waves of innovation,' the institute explains."

Read the full article here.

Monday, October 22, 2007 10:06:41 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, October 18, 2007

In a CNN interview with Interpol, Kristin Kvigne, assistant director of Interpol's trafficking in human beings unit, discussed how Interpol currently addresses the growing concern over child pornography and child abuse online. The interview also gave a brief rundown of investigations related to the recently identified child pornographer Christopher Paul Neil. According to Kvigne, the latest technological tools used by Interpol have greatly aided the progress of its ongoing investigation and manhunt. The Interpol officer further stressed that "Interpol has got great tools in place for preventing people with prior convictions, et cetera, to enter into countries unknown. Countries can use the notice system that Interpol has in alerting other countries as to their traveling potential sex offenders. And Interpol would like to see that used more by law enforcement globally." According to the interview, "Interpol has half a million more pictures of child sex abuse. In fact, more than half a million, with maybe 10,000 or 20,000 kids in them -- 10,000 or 20,000 victims. They've rescued roughly 600." More Interpol-related news here.

Incidentally, Facebook, a popular social networking website, recently announced renewed efforts to protect its users from online predators. "The precautions will include a new safety disclosure for parents and a more efficient complaint process to report unsolicited sexual advances and inappropriate content, New York Attorney General Andrew Cuomo announced Tuesday at a news conference. Facebook will also allow an independent examiner -- chosen and paid for by the company, but approved by the attorney general -- to report on its compliance for the next two years." According to CNN, this announcement followed an investigation into Facebook launched by Cuomo, in which tests conducted by investigators "revealed 'significant defects' in safety controls and the company's response to complaints." Read the full article on the CNN website.

Thursday, October 18, 2007 9:32:02 AM (W. Europe Standard Time, UTC+01:00)

BBC Hardtalk interviewed the international president of Bebo, a growing UK-based Internet company aimed at young people. The interview tackles current issues regarding Internet security among young people on social networking sites, amid concern about the numerous registered paedophiles on such websites.

More details on this interview here.

Thursday, October 18, 2007 8:45:51 AM (W. Europe Standard Time, UTC+01:00)

A paper on the wealth of Internet miscreants, "An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants," is available online on the ICSI Center for Internet Research website. The paper discusses "an active underground economy which specializes in the commoditization of activities such as credit card fraud, identity theft, spamming, phishing, online credential theft, and the sale of compromised hosts. Using a seven month trace of logs collected from an active underground market operating on public Internet chat networks, [the researchers] measure how the shift from “hacking for fun” to “hacking for profit” has given birth to a societal substrate mature enough to steal wealth into the millions of dollars in less than one year."

To access the paper, click here.

Thursday, October 18, 2007 8:39:34 AM (W. Europe Standard Time, UTC+01:00)
 Tuesday, October 16, 2007

John Leyden recently reported in The Register on WabiSabiLabi, an IT company providing space for the auction of vulnerabilities and exploits. According to the report, "it has exceeded expectations with the submission of more than 150 vulnerabilities in its first two months of operations." Among the vulnerabilities in the marketplace are 51 bugs in Windows, 19 flaws in Linux, 29 web application vulnerabilities, two Mac-related flaws, 10 flaws in enterprise software from SAP, and one IBM-related vulnerability. The company, however, does not accept all submitted vulnerabilities. It has recently rejected 40 due to the use of "illegal methodology." Selling prices range from 100 to 15,000 euros each, and currently, 1,000 researchers have registered on the site.

Read the full article on The Register.

Tuesday, October 16, 2007 9:59:37 AM (W. Europe Standard Time, UTC+01:00)