International Telecommunication Union   ITU
 
 
 Wednesday, November 28, 2007

ITU, in collaboration with the Ministry of Communications and Information Technology of the Republic of Indonesia, is hosting a workshop on 28-30 November 2007 entitled ITU Regional Workshop on ICT Applications for Rural Communication Development. The workshop is held in Bali, Indonesia.

The description of the event, draft agenda, invitation letter, and practical information for meeting participants are available on the event website.

Wednesday, November 28, 2007 1:52:34 PM (W. Europe Standard Time, UTC+01:00)

Information and communications technologies (ICTs) are contributing to climate change, but can also provide problem-tackling tools, as the United Nations News Centre reported from a conference on the impact of ICTs on climate change organized by the UN Global Alliance for ICT and Development and AIT Global Inc., a global association of management and information technology professionals, on 27-28 November.

Experts and industry leaders highlighted that servers, personal computers and monitors account for more than 60 per cent of global ICT-related carbon emissions, and that product design, manufacturing and internal operations would be essential to minimizing emissions. Even though the paperless office environment has not yet been achieved, industry could develop energy-efficient appliances that shut down automatically when not being used. ICT could also improve the energy efficiency of all economic sectors, for example diagnosing the carbon emissions of products or processes and suggesting their redesign.

To read the full article, click here.

Wednesday, November 28, 2007 10:55:57 AM (W. Europe Standard Time, UTC+01:00)

ENISA recently launched its latest Position Paper, "Botnets - The Silent Threat", a 12-page paper identifying roles and structures of criminal organizations for creating and controlling botnets, and trends in this type of cyber crime as well as online tools to identify and counter malicious code. ENISA points out that browser exploits account for more than 60% of all infections, email attachments for 13%, operating system exploits for 11%, and downloaded Internet files for 9%. It also emphasizes that the main problem is uninformed users. ENISA, thus, calls for "a more coordinated, cross country cooperation among multi-national law enforcement agencies, Internet Service Providers (ISPs) and software vendors" to combat botnets, and further adds that education of the everyday user is a key measure.

For further information, read ENISA's press release or access the full ENISA Position Paper.

Wednesday, November 28, 2007 10:00:12 AM (W. Europe Standard Time, UTC+01:00)
 Tuesday, November 27, 2007

USA Today reports on the current spam statistics, and reiterates how spam continues to exponentially increase despite anti-spam software, filters and legislation. According to market researcher IDC, "the total number of spam e-mail messages sent worldwide, 10.8 trillion, will surpass the number of person-to-person e-mails sent, 10.5 trillion." Spam sent is also said to have reached 60 billion to 150 billion messages a day. As for phishing, the Anti-Phishing Working Group said new phishing sites soared to 30,999 as of July 2007, from 14,191 in July 2006. MessageLabs adds that one in 87 e-mails is now tagged as a phishing scam, compared with one in 500 a year ago.

The fight against spam has nonetheless expanded and grown too. Built-in spam defenses of Google's Gmail, social-networking sites such as Facebook and MySpace which enable users to control who has access to their personal profile, to exchange e-mail with friends, family and business associates, and phishing filters provided by Microsoft on its Internet Explorer browser are some of the common filters made available to users. In the same effort to stop spam, Yahoo, eBay and PayPal recently announced their use of DomainKeys, an e-mail-authentication technology. Other anti-spam technologies include CertifiedEmail from Goodmail Systems, a new breed of e-mail services, and Boxbe. "The multilayered-defense approach has worked to stop such scourges as image spam, which varied the content of individual messages — through colors, backgrounds, picture sizes or font types — to slip through spam filters. Image spam made up half of all spam in January. Since software makers came up with a solution, image spam has dropped to 8% of all spam, Symantec says."

Read the full article here.

Tuesday, November 27, 2007 2:23:14 PM (W. Europe Standard Time, UTC+01:00)
 Friday, November 23, 2007

A new research paper on the Russian Business Network (RBN), Russian Business Network - Additional Analysis, by David Bizeul has recently been published online. Bizeul spent the past three months researching the RBN, a virtual safe house for Russian criminals responsible for malicious code attacks, phishing attacks, child pornography and other illicit operations.

To read the paper, visit bizeul.org.
This paper is also available at the SANS Internet Storm Center website.

Friday, November 23, 2007 9:52:59 AM (W. Europe Standard Time, UTC+01:00)
 Monday, November 19, 2007

A presentation on Infrastructure and Applications for Large-Scale DNS Data Collection by Keith Mitchell, OARC Programme Manager, Internet Systems Consortium, AusCERT given on 21 May 2007 is now available online. This presentation provides an introduction to the Internet Domain Name System (DNS), background information on OARC, and a wealth of domain statistics from OARC. The "Day in the Life of the Internet" (DITL) research project, which aims to improve "network science" by building up a baseline of regular Internet measurement data over 48-hour periods, was also discussed, as well as a case study on the Root Server DDoS Attack on 6 February 2007. For more information, visit the OARC website.

Monday, November 19, 2007 9:34:22 AM (W. Europe Standard Time, UTC+01:00)
 Wednesday, November 14, 2007

The Background Information on ITU Botnet Mitigation Toolkit is now available online and may be accessed on the ITU ICT Applications and Cybersecurity (CYB) Division's Botnet page. A PowerPoint presentation of the Project Overview is also available. For more relevant information, visit the CYB website.

Wednesday, November 14, 2007 4:17:51 PM (W. Europe Standard Time, UTC+01:00)

The UN International Strategy for Disaster Reduction (ISDR) on 15 November 2007 is launching PreventionWeb.net, a new website for increasing knowledge-sharing on natural disaster risk reduction issues. The website will feature news reports, publications, fact sheets, examples of best practices and country reports targeted to both the general public and specialists. Users can also search for information related to disaster risk reduction such as early warning, climate change, health, education, etc.

For more information, please click here.

Wednesday, November 14, 2007 2:53:11 PM (W. Europe Standard Time, UTC+01:00)
 Tuesday, November 13, 2007

The U.S. Center for Information Technology Leadership (CITL) conducted a study on The Value of Provider-to-Provider Telehealth Technologies. Assuming some specific healthcare settings such as emergency departments, correctional institutions, nursing homes and physician offices, the cost-benefit analysis focused on three technology systems, i.e. store-and-forward, real-time video, and a hybrid model combining the first two.

The CITL study found that benefits outweighed costs for all three systems, but the research organization recommends the hybrid model as the most cost-effective one for the U.S. The report is available at citl.org.

Tuesday, November 13, 2007 5:04:34 PM (W. Europe Standard Time, UTC+01:00)

John Kenneth Schiefer, a 26-year-old computer security consultant from Los Angeles, has admitted to hacking into computers entrusted to him to create a botnet of as many as 250,000 PCs, which he used to steal money from and identities of unsuspecting consumers and corporations. "Schiefer agreed to plead guilty to four felony charges in connection with the case and faces up to 60 years in prison and a $1.75-million fine, according to court documents filed Friday in federal court in Los Angeles." According to Assistant U.S. Atty. Mark Krause in Los Angeles, Schiefer is the first person to be accused under federal wiretapping law of operating a botnet.

Schiefer stole user names and passwords for eBay Inc.'s PayPal online payment service to make unauthorized purchases and passed the stolen account information on to others. According to the plea agreement, a conspirator named "Adam" who is allegedly a minor was involved in Schiefer's scam. Schiefer and his accomplices were reported to have used illicit software which they planted on people's PCs to spirit account information from a storage area in Windows-based computers. A Dutch Internet advertising company also hired his services to install its programs on people's computers when they consented, but he installed it on more than 150,000 PCs without permission, earning more than $19,000 in commissions.

The federal investigation began in 2005, and the indictment includes "four counts of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud." Schiefer's initial appearance in Los Angeles will be on Nov. 28 and his arraignment on Dec. 3. There is a similar case in May 2006 involving a Downey man, Jeanson James Ancheta, who was sentenced to almost five years in federal prison after pleading guilty to four felony charges for using botnets to spread spyware and send spam.

To read the full article, visit the Los Angeles Times.
Related article also available here.

Tuesday, November 13, 2007 2:22:48 PM (W. Europe Standard Time, UTC+01:00)
 Monday, November 12, 2007

Microsoft releases the Asia Pacific Legislative Analysis: Current and Pending Online Safety and Cybercrime Laws, a study providing a high-level snapshot of the status of computer security, privacy, spam and online child safety legislation in the Asia Pacific region. Detailed analyses of these laws specific to Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, The Philippines, Singapore, South Korea, Taiwan, Thailand and Vietnam are also provided in this paper. For more information regarding this document, contact Julie Inman Grant, Regional Director, Corporate Affairs of Internet Safety and Security at Microsoft Asia Pacific. More Cybersecurity Legislation and Enforcement related resources are available at the CYB website.

Monday, November 12, 2007 9:57:14 AM (W. Europe Standard Time, UTC+01:00)
 Friday, November 09, 2007

The International Telecommunication Union (ITU) organizes the first conference in the ITU Arab region on "Sharing experience on best practices in ICT services for persons with disabilities", in cooperation with the Regional Office for the Eastern Mediterranean of the World Health Organization (WHO/EMRO). The conference will take place in Cairo (Egypt) on 13 - 15 November 2007 under the auspices of the Ministry of ICT of the Government of Egypt and H. E. the Minister Dr. Tarek Kamel.

The conference is open to administrations, policy makers, regulators, and all industries involved in the development of dedicated information and communication technologies (ICTs) for persons with disabilities in addition to physicians and doctors from the public health sector. The main objective of the conference is to raise awareness on the importance of accessibility to all, including persons with disabilities, to ICTs.

For more information, please click here.

Friday, November 09, 2007 10:18:41 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, November 08, 2007

Baltimoresun.com reports on Bush's announcement of a plan to prevent cyberspace attacks on U.S. interests. A $154 million budget was requested as preliminary funding for the initiative, which current and former government officials say is expected to become a seven-year, multibillion-dollar program to track threats in cyberspace on both government and private networks. Lawmakers who recently received briefings on the initiative, however, continue to have many questions, and some remain concerned about the legality of the program and whether it provides sufficient privacy protections. According to a former government official familiar with the proposal, the total start-up costs of the program are about $400 million. "The proposal 'will enhance the security of the Government's civilian cyber networks and will further address emerging threats,' Bush wrote to Congress as part of his request for additional money for cyber security and other counterterrorism measures. The initiative would first develop a comprehensive cyber security program for the government and then do the same for private networks, the former government official said."

Read the full article here.

Thursday, November 08, 2007 11:29:37 AM (W. Europe Standard Time, UTC+01:00)

Email Submission Operations: Access and Accountability Requirements by Carl Hutzler, Dave Crocker, Pete Resnick, Eric Allman, and Tony Finch has recently been released as Best Current Practice (BCP) 134. This document provides recommendations for constructive operational policies between independent operators of email submission and transmission services to mitigate the propagation of spam and worms. Its goal is to improve lines of accountability for controlling abusive uses of the Internet mail service. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. For more information, click here.

Thursday, November 08, 2007 9:41:50 AM (W. Europe Standard Time, UTC+01:00)
 Tuesday, November 06, 2007

According to the Government Accountability Office (GAO), the government's infrastructure sectors' plans lack protection against cyberattacks and disaster, pointing out that none of the sectors included all 30 cybersecurity criteria, such as key vulnerabilities and measures to reduce them. Among the 17 sectors of the government, information technology and communications had the strongest cybersecurity plans, and the agriculture, food and commercial sectors were the least comprehensive, according to David Powner, director of GAO's information technology management issues.

The Homeland Security Department provided a national plan last year for the sectors as a guide for their individual plans. Greg Garcia, DHS’ assistant secretary for cybersecurity and communications, said that DHS acknowledged the shortcomings based on GAO's findings, but he explained that these sector plans, released in May, represent only early efforts. Garcia further added that "sectors are not meant to be uniformly comprehensive in their cybersecurity efforts, and they must balance cybersecurity risk against other risk management efforts and unique aspects of their infrastructure 'based on its dependence on cyber elements.'" GAO recommended that DHS fully address the cybersecurity criteria by September 2008.

Read full article here.

Tuesday, November 06, 2007 4:32:43 PM (W. Europe Standard Time, UTC+01:00)

Roger A. Grimes of InfoWorld interviewed Paul Laudanski, founder and leader of CastleCops, which is a volunteer organization dedicated to fighting malware, spam, and phishing. Paul talked about the effects of DDoS and provided pointers on how to mitigate and ride out the attack. He said that the primary thing to be decided in cases of attacks is whether the company wants to stay in business during the attack or not. If so, all the attack traffic needs to be absorbed along with the legitimate traffic, meaning the broadband connection, routers, firewall, Web servers, and back-end databases have to be able to deal with the attack. He also suggested knowing ahead of time how the company's ISP handles DDoS events. They further discussed how to possibly pursue criminal charges after the attacks. "To be honest, being able to locate and prosecute the DDoS attacker is a long shot. The lack of cohesive communications between all the parties that need to be involved in an investigation, the legal implications of the global nature of the assault, and the growing sophistication of bot nets all fight against a successful prosecution. But as Paul and CastleCops can tell you, it can be done."

Read the full article on InfoWorld.

Tuesday, November 06, 2007 10:17:27 AM (W. Europe Standard Time, UTC+01:00)
 Monday, November 05, 2007

"Buses equipped with wi-fi are being used to deliver web content to remote rural villages in the developing world. In rural India and parts of Rwanda, Cambodia and Paraguay, the vehicles offer web content to computers with no internet connection." United Villages is an initiative that provides communities in Asia, Africa, and Latin America with digital access to locally-relevant products and services using a low-cost, store-and-forward "drive-by WiFi" technology. Mobile Access Points (MAPs) are installed on existing vehicles (e.g. buses and motorcycles) and automatically provide access for WiFi-enabled Kiosks along the roads. Whenever a MAP is within range of a real-time wireless Internet connection, it transfers the data from and for those Kiosks. The United Villages project also allows users to request specific information or content for a few additional rupees. The wi-fi vehicles also deliver as well as collect e-mails, and bring e-Commerce to the villagers.

Read the full article on BBC News.
More on United Villages on their website.

Monday, November 05, 2007 4:33:37 PM (W. Europe Standard Time, UTC+01:00)

The article, Myth of privacy busted; Web advertisers scan e-mails, by Louise Story, published in the International Herald Tribune, reports on the issue of online advertisers probing into privacy for marketing purposes. "At a meeting of the U.S. Federal Trade Commission about online privacy Thursday, the regulator's commissioner, Jon Leibowitz, said the agency would be exerting a tighter grip over online advertising. Leibowitz said that rules about the privacy policies of sites may need to be established... But some people from the online industry said the FTC should stay out." According to Randall Rothenberg, president and chief executive of the Interactive Advertising Bureau, if the FTC regulates online advertising, this could limit recent "extraordinary pattern of innovation."

Eight years after the FTC's public workshop on the use of consumer data in online ads, a lot of the hypothetical scenarios described back then are now a widespread reality. However, many executives in the advertising industry do not see anything wrong with online targeting, arguing that the practice benefits consumers, who see more relevant ads. They add further that for consumers, providing some innocuous personal data is a small trade-off for free access to the rich content of the Internet, much of which is ad-supported. A growing concern, even among online companies, about what information is being used to deliver ads to people is quite evident, however.

"The market is getting edgier and edgier, and what is accepted in the marketplace gets dodgier and dodgier," said Martin Abrams, the executive director of the Center for Information Policy Leadership. "We have really moved to a world where we say consumers need to police the market, and, increasingly, it is a harder world to police."

Read the full article here.

Monday, November 05, 2007 12:37:03 PM (W. Europe Standard Time, UTC+01:00)

After the infamous Estonian cyberattack early this year, CyTRAP Labs proposes the 7 lessons learnt from the attacks, and points out how Estonia responded accordingly to these issues. Among the lessons and issues pointed out were:

  1. Critical incident response matters, which suggests the need to have a systematic and clearly understood procedure in place that allows a quick identification of what a critical incident response is and what kind of responses must be invoked rapidly (i.e. automatisms) to have a chance to defend against an emerging threat. Estonian responders first focused on the targets rather than sources. Filtering technology was used to throttle back on traffic aimed at target systems, which, at its peak, reached between 100 and 1,000 times the normal amount of traffic.
  2. The need for the team to make critical decisions fast. In Estonia, it was decided to protect certain systems. Once those were identified, all connections to those systems from outside the country were blocked. In addition, efforts were undertaken to lure attackers away from critical systems to those that were less critical.
  3. Critical infrastructure can mean something different. For Estonia, where much business is being done on the net, critical infrastructure meant financial and communication services by private business were under attack and these are critical to the country’s well-functioning economy. Soon after 27 April 2007, people were unable to buy such essentials as gas and groceries using their payment cards. This is in contrast to what we usually accept as being critical infrastructure, namely electricity and transportation networks.
  4. No new attack techniques emerged. The level of traffic was not surprising and the mitigation tactics used were tried and true. But what will happen if the attackers are using fast-flux networks or DNS amplification attacks?
  5. Coordination is vital. All the above can be further complicated if the defense has to be coordinated in real time with several hundred or thousands of ISPs. As Estonia’s experience illustrates, coordination and cooperation with a centralized incident response is critical to achieve success. This was the case with CERT-EE working closely with private ISPs and banks, etc. Unfortunately, in many countries such a centralized approach will be difficult to achieve unless the right things are put in place now.
  6. Trusted social networks as the key to coordinate a successful response. Even CERT-EE needed help and support from others, and social networks came in handy. How else can one convince an ISP in another country to take off a server that is part of a fast-flux network? Developing trust takes time and effort while both parties have to give. A certain degree of sharing or disclosure may result in further growth of trust needed to defend better next time.
  7. Post mortem analysis - learning to improve. Without analyzing past events, learning cannot occur. The challenge with the Estonian example is that other countries must learn from the Estonian experience. This type of international collaboration must be improved beyond government CERTs. Hence, without getting the major ISPs and financial institutions involved in other countries, post mortem analysis might not help us much in preparing for the next attack of this kind or worse.

This list was made in reference to the presentation of Hillar Aarelaid, eSStonia - the case of the Estonian DDoS attacks, given at the GovCERT.NL IT Security Symposium, Response & Responsibility, in Noordwijk, Netherlands.

Read the full article here.

Monday, November 05, 2007 11:27:54 AM (W. Europe Standard Time, UTC+01:00)

The House of Lords Science and Technology Committee recently stated that the UK government has failed to understand the threat to the continued growth of the internet posed by cybercrime, as evident in the government's response to the committee's report on personal internet security, published on 10 August. The Lords' report had warned of the danger that public confidence in the internet would be lost, due to "perception that the internet is a lawless 'Wild West'." In its reply, presented to Parliament on 24 October, the government rejected this as well as the recommendation that there should be a data-breach notification law to provide businesses with incentives to take better care of customer data. According to the government, this kind of law, one that forced companies to admit when they had been the victims of cybercrime, does not prove to be effective, but the government reassures businesses that it will consider finding "more formal ways" of reporting security breaches to the Information Commissioner's Office (ICO) "when problems arise". The government also rejected calls for software and hardware vendors to be liable for the security of their products, and for banks to guarantee e-fraud refunds.

Read the full article at ZDNet.co.uk.

Monday, November 05, 2007 10:22:34 AM (W. Europe Standard Time, UTC+01:00)
 Friday, November 02, 2007

Wiley InterScience recently launched the journal Security and Communication Networks.

A call for papers has been opened for its special issue focusing on Clinical Information Systems Security, which addresses the need for a secure and trusted computerized approach in managing personal health information, both from a demand and supply side.

The topics of interest in this special issue include, but are not limited to:

  • Authentication techniques for CIS
  • Authorization mechanisms and approaches for patient-centric data
  • Public Key Infrastructures to support diverse clinical information environments and networks
  • Cryptographic protocols for use to secure patient-centric data
  • Secure communication protocols for the communication of clinical data
  • Wireless sensor networks security
  • Body sensor networks security
  • CIS Database security
  • Interoperability across diverse CIS environments (national and multilateral)
  • Government and international regulatory and compliance requirements

For more information on submission, dates and peer review, please visit Insecure.org.

Friday, November 02, 2007 12:45:25 PM (W. Europe Standard Time, UTC+01:00)

Researchers at the U.S. Department of Energy's Pacific Northwest National Laboratory, together with other partners, demonstrated how using information and communication technologies (ICTs) and telecommunications networks could result in considerable savings in power-grid infrastructure and electricity consumption, Network World reported on 22 October.

The test network allowed consumers to select their usage preferences via a web portal. Smart controls-based devices such as virtual thermostats were interconnected with a service-oriented architecture (SOA) through middleware, and using broadband internet. The so-called GridWise project showed both that the power demand at the SOA electricity marketplace could be managed more evenly and that customers were in better control of their energy consumption.

For more information on the project, please click here.

Friday, November 02, 2007 11:36:38 AM (W. Europe Standard Time, UTC+01:00)

The 2008 Workshop on the Economics of Information Security (WEIS), founded on "a strong and growing interdisciplinary tradition, bringing together information technology academics and practitioners with social scientists and business and legal scholars to better understand security and privacy threats," will be held on 25-27 June 2008 in Hanover, New Hampshire. This workshop will be hosted by the Center for Digital Strategies at Dartmouth College's Tuck School of Business, in partnership with the Institute for Information Infrastructure Protection (I3P). For more information about this event, visit the WEIS 2008 website.

Friday, November 02, 2007 9:16:02 AM (W. Europe Standard Time, UTC+01:00)
 Tuesday, October 30, 2007

A bogus email is circulating claiming to be from the Federal Trade Commission and referencing a "complaint" filed with the FTC against the email’s recipient. The email includes links and an attachment that download a virus. As with any suspicious email, the FTC warns recipients not to click on links within the email and not to open any attachments. This malicious email appears to have a phony sender’s address, "frauddep@ftc.gov", and also spoofs the return-path and reply-to fields to hide the email’s true origin. While the email includes the FTC seal, it has grammatical errors, misspellings, and incorrect syntax. Recipients should forward the email to spam@uce.gov and then delete it. Emails sent to that address are kept in the FTC’s spam database to assist with investigations.

More information on this spam report at the Federal Trade Commission website.

Tuesday, October 30, 2007 5:39:00 PM (W. Europe Standard Time, UTC+01:00)
 Monday, October 29, 2007

The United Nations International Fund for Agricultural Development (IFAD) last Friday launched a project aimed at helping farmers in Gabon diversify their incomes by developing and marketing new products from staple crops and by obtaining better access to value chains for products with significant market potential. The project aims to directly benefit 28,000 farmers, half of whom are women and a third young people.

Through training, farmer exchange visits and a new market information system, the project will also help farmers’ organizations better defend the economic interests of their members and market their goods more efficiently, according to IFAD's press release.

Monday, October 29, 2007 4:43:49 PM (W. Europe Standard Time, UTC+01:00)

The Global Fund To Fight AIDS, Tuberculosis and Malaria launched a new website, MyGlobalFund.org, to foster sharing of best practices in the fight against the three pandemics; spreading ideas and stimulating research; and encouraging partnerships.

For more information on the Global Fund, please click here.

Monday, October 29, 2007 3:07:31 PM (W. Europe Standard Time, UTC+01:00)

World War 2.0, a news video on Wired Science, presents the realities of internet warfare and how a botnet attack against Estonia might have been a manifestation of this new war technique. Botnets are so powerful, and hackers so skilled and experienced, that they can "destroy servers of a whole state." Josh Davis traced back when the attack against Estonia started and how security officials in Estonia fought back. Bill Woodcock, founder of Packet Clearing House, provides a brief explanation on how a botnet operates and how the attack against Estonia happened. Jaak Aaviksoo, Estonian Defense Minister, Ago Väärsi, technical manager at Postimees.ee, and Hillar Aarelaid, head of the Estonian CERT, were also interviewed, as well as Russian internet security expert Emin Azizov and IT director of the United Civilian Front Eugeni Grigorian. Learn more about the attack by watching the video report here.

Monday, October 29, 2007 10:24:20 AM (W. Europe Standard Time, UTC+01:00)