International Telecommunication Union   ITU
 
 
 Tuesday, February 12, 2008

According to the Washington Post, new research from Damballa suggests that the Storm worm has its roots in the "Bobax worm," a computer worm that first surfaced as early as 2004. Bobax spread by exploiting various vulnerabilities in the Microsoft Windows operating system, and turned infected machines into spam-spewing zombies. Damballa researcher Chris Davis asserts that the Storm worm actually first surfaced in late 2006, as seen in a SANS Internet Storm Center alert of 29 December 2006. On 19 January, F-Secure reported receiving a flood of spam advertising new versions of Storm. Researchers soon discovered that all infected systems were controlled using the eDonkey peer-to-peer (P2P) file communications protocol, the same technology and networks used by millions of people to share movies and music online. Paul Royal, Damballa's principal researcher, said "they basically took Bobax and made all of them become Storm victims, and then started the propagation of Storm through that method. So Storm used a big botnet to bootstrap itself, and it was the vehicle by which Storm became very popular very quickly." Damballa estimates that roughly 17,000 systems remain infected with Bobax.

Read the full article on the Washington Post.

Tuesday, February 12, 2008 11:26:52 AM (W. Europe Standard Time, UTC+01:00)

UNCTAD Information Economy Report 2007-2008, Science and technology for development: the new paradigm of ICT, Chapter 7, Promoting Livelihoods Through Telecentres, provides a comprehensive report on the importance of telecentres in supporting sustainable livelihoods, stating that this will depend largely on their capacity to support local development and not only access to ICT.

More information at the UNCTAD website.

Tuesday, February 12, 2008 10:47:10 AM (W. Europe Standard Time, UTC+01:00)

InSafe, the European network of Internet safety awareness nodes, holds its 5th Safer Internet Day today, 12 February 2008, dedicating time in schools to reflecting on Information and Communication Technologies issues and, more importantly, raising awareness of them. A competition launched in October 2007 invited young people between 5 and 19 years of age to share their online lives and compete for prizes. This year's theme is "Life online is what YOU make of IT." With this, young people were encouraged to draw on their creativity to illustrate their views of the online world.

More information about the Safer Internet Day 2008 on the InSafe website.

Tuesday, February 12, 2008 9:18:16 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, February 07, 2008

The Global e-Sustainability Initiative (GeSI) recently published its third annual Progress Report 2007. GeSI shares relevant information with its stakeholders and the civil society to support the economic and technological progress on information and communication technologies (ICTs) worldwide. This report highlights GeSI’s recent work on sustainability, specific accomplishments in climate change mitigation, managing supply chains, determining materiality, reducing e-waste, and leading public policy.

With support from the United Nations Environment Programme (UNEP) and the International Telecommunication Union (ITU), GeSI is dedicated to the sustainable development of the ICT sector. For more information on GeSI's activities, click here.

Thursday, February 07, 2008 6:46:02 PM (W. Europe Standard Time, UTC+01:00)

With the rise of initiatives such as One Laptop Per Child (OLPC) and Classmate, security experts warn that this development could mean an explosion in botnets in the developing world. However, Ivan Krstic, OLPC's director of security hardware, points to the choice of Linux as the operating system for the computers, emphasizing that for an attack to have overall control, it would have to be written to the system kernel, and that those vulnerabilities are patched very quickly, making it difficult to get the machines to run bots. There is, however, an option to run Windows XP on the machine, in which case all the implications of Windows security apply.

"The bigger problem in the long term may be the developing world's choice of operating system. 'Most of the machines we are shipping have Windows on them. That's the operating system most countries want,' says Intel. It adds that teachers will receive training from Intel to monitor the network and will be able to see if changes have been made to the machines: 'Some schools using the computers will have a teacher who is responsible for security on their networks, others will have an IT person.' As a last resort the Classmate, like the OLPC XO, can be wiped clean and restored to its factory settings. But while Windows has its problems, Linux may not offer much better protection, says Guillaume Lovet, a botnet expert for Fortinet. 'The first botnets were Stacheldraht, Trinoo and TFN, and were built in Linux,' says Lovet. He also dismisses claims that the low bandwidth and internet use in parts of the developing world - the World Economic Forum's 2007 Africa Competitiveness Report estimated that African internet use was just 3.4% of the world total - would act as a brake on the development of botnets. 'It doesn't take any bandwidth to control or make a botnet,' Lovet says. 'Aggregated bandwidth is what is important, and that would still be massive. You could still build a huge cyber-weapon with only a thousand of these machines.'"

Intel and OLPC point out that the laptops will often have only intermittent connectivity, which could lower the risk of getting infected. However, this could also lower the chances of getting security upgrades. Rolf Roessing, a security expert for KPMG, notes "if we are to bring IT to Africa then it will not work unless we bring security with it. Computer security in the west grew because of a loss of innocence and there are still weaknesses in the developed world because of a lack of awareness. If you bring IT to developing countries then you have to develop awareness, too."

Read the full article on The Guardian.

Thursday, February 07, 2008 2:50:42 PM (W. Europe Standard Time, UTC+01:00)
 Wednesday, February 06, 2008

The European Journal of ePractice yesterday published its second issue on "New e-ways of doing the Government's job" with some case studies that show Administrations are willing to experiment. From interoperability, to Radio Frequency Identification (RFID) via online portals to bridging the digital gap, public actors take home important insights every day thanks to e-Government applications and services. The second issue of this journal includes topics of interest in e-Government such as:

  • Interoperability and the exchange of good practice cases
  • Using online auctions to sell surplus property
  • Some best practices in e-Government
  • Using RFID in healthcare organizations
  • Example of a city library trying to bridge the digital divide

For more information on the European Journal of ePractice as part of ePractice.eu, an interactive initiative created by the European Commission, click here.

Wednesday, February 06, 2008 7:00:52 PM (W. Europe Standard Time, UTC+01:00)

Technology Review provides a detailed analysis of the recent Internet outage in the Middle East and Asia. The report recounts how the undersea cable damage largely affected the ISPs in the region as well as outsourcing companies that increasingly rely on these connections. It also briefly discusses how undersea cable repairs are done, and further emphasizes the concerns related to this kind of damage. "In the wake of the fiber breaks, [ISP Association of India secretary R. S.] Perhar says that his organization is encouraging ISPs and companies dependent on fast connections to continue diversifying their bandwidth sources as much as possible, and to lobby for new cable to be laid." Tim Strong, analyst at Telegeography Research, adds that "with more cables, it's getting better over time, but there will still be a lack of physical, geographical redundancy."

Read the full article here.

Wednesday, February 06, 2008 4:33:22 PM (W. Europe Standard Time, UTC+01:00)
 Tuesday, February 05, 2008

A presentation on "ICTs and e-Environment - Overview of BDT Scoping Study for Developing Countries" has been posted online today on the ITU-D ICT Applications and Cybersecurity Division (CYB) website. The presentation is based on the report "ICTs and e-Environment", which provides an overview on the contribution of information and communication technologies (ICTs) and related strategies as tools to assist developing countries in mitigating and adapting to environmental and climate change. The report will be available after final review on the division website.

Tuesday, February 05, 2008 5:32:26 PM (W. Europe Standard Time, UTC+01:00)

A presentation on the "Overview of ITU-D Activities Related to Cybersecurity and Critical Information" has been posted online today on the ITU-D ICT Applications and Cybersecurity Division (CYB) website. The presentation by Robert Shaw, head of the ICT Applications and Cybersecurity division, provides background information on cybersecurity, a case study on the recent Internet outage, key activities of ITU-D, and an outline of the Framework for Organizing a National Approach to Cybersecurity. For more information on CYB's activities involving cybersecurity, visit the division website.

Tuesday, February 05, 2008 11:09:25 AM (W. Europe Standard Time, UTC+01:00)
 Monday, February 04, 2008

The International Telecommunication Union (ITU) extended its call for papers for the ITU Symposia on ICTs and Climate Change to 29 February 2008.

The first symposium will be held in Kyoto, Japan (15-16 April 2008, hosted by the Ministry of Internal Affairs and Communication) and will be followed by a second symposium in London, UK (17-18 June, hosted by British Telecom), at which the initial proposals will be finalized. These symposia will bring together key specialists in the field, from top decision-makers to engineers, designers, planners, government officials, regulators, standards experts and others. To contribute to this work, stakeholders are invited to submit an abstract, of maximum 300 words, for a paper or presentation which is relevant to one or more of the topics listed below.

The topics of interest at the symposia include:

  • Climate change and the impact of ICTs
  • Use of ICTs in monitoring climate change
  • ICTs for mitigating the local effects of climate change
  • ICTs and concerted action against global warming
  • ICT standardization in the field of climate change

For more information on the ITU Symposia on ICTs and Climate Change, click here. For information on ITU's e-environment activities, click here.

Monday, February 04, 2008 1:12:33 PM (W. Europe Standard Time, UTC+01:00)

The Global e-Sustainability Initiative (GeSI) recently commissioned a research study to assess current carbon impacts of the information and communication technology (ICT) sector and to analyse the role of ICTs in catalyzing transformation to a low-carbon economy. With a focus on both developed and emerging economies, the study aims to:

  • Deliver a globally comprehensive picture of direct and indirect carbon emissions of telecommunications, computing, services and software.
  • Define common themes across the lifecycle of ICTs, identifying critical trends, scenarios and impact assessments for the ICT sector to 2020.
  • Create a ‘road map’ to allow the ICT sector to act now on reducing global energy usage and greenhouse gas emissions.

To know more about the study, click here.

The Global e-Sustainability Initiative (GeSI) is an initiative of Information and Communications Technology (ICT) companies aimed at improving the sustainability impact of the ICT industry, and is supported by the International Telecommunication Union and the United Nations Environment Programme.

Monday, February 04, 2008 12:42:20 PM (W. Europe Standard Time, UTC+01:00)
 Friday, February 01, 2008

The ITU Telecommunication Standardization Sector announces the Study Group 15 tutorials on energy saving techniques to be held on 13-15 February 2008. This activity is in the context of ITU-T's efforts to address climate change issues. "A checklist for developers of standards is already under development in SG 15. The technologies considered in the list include optical transport networks and access network transport technologies such as digital subscriber line (DSL) and Gigabit-capable Passive Optical Networks (GPON). Together these technologies represent a significant consumption of energy worldwide. The idea is that the checklist is applied before the work commences, during the work and after the completion of the work. The use of the checklist should ideally be complemented by involving energy efficiency experts and users in the process."

Other topics in the tutorials include energy efficient Ethernet and opportunities and techniques for power saving in DSL and PON. A general introduction to the issues surrounding ICTs and climate change (to be addressed in two upcoming ITU Symposia on ICTs and Climate Change) and an update on the outcome of the UN Climate Change Conference in Bali, December 2007, will also be discussed.

More updates on this event on the ITU-T Newslog.
More information on ITU-D's activities involving ICTs and the environment (e-Environment) here.

Friday, February 01, 2008 2:11:17 PM (W. Europe Standard Time, UTC+01:00)

The recent Internet outage has left the experts speculating that there may be greater demand for telecom capacity in the future. Reports indicated difficulty with receiving data sent from the United States to countries affected by the cable damage, with an average 50% increase in the time it takes to download Web sites and a 10% decrease in the availability of Web sites overall, Keynote Systems said. Abelardo Gonzalez, a product manager at Keynote, believes the damaged cable incident will spur many global companies to think about new ways of staying connected to the Web in case of emergencies. He adds that companies should look into having backup connectivity through multi-homing their ISPs or even through having a satellite uplink for last-resort connections.

The damage to the cables has raised concerns about future incidents in which a greater number of cables could experience more significant levels of destruction. Paul Polishuk, the president and chairman of the board of the IGI Group of Companies, says one problem with many of the underwater cable systems is that many of the cables join together at shared landing points, which could leave large swathes of telecom infrastructure vulnerable to potential terrorist attacks. Andrew Odlyzko, the director of the University of Minnesota's Digital Technology Center, shares Polishuk's concern about the cables' vulnerability and thinks that any significant damage to cables at major landing points would have serious economic consequences, as was evident in the 2006 earthquakes that severely disrupted Taiwan's Internet access.

Read the full article on Network World.

Friday, February 01, 2008 10:33:23 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, January 31, 2008

The Guardian reports on how tens of millions of internet users across the Middle East and Asia have been left without access to the web due to a fault in a single undersea cable believed to be a major internet pipeline connecting to Europe. The outage was said to have first struck yesterday morning and has severely restricted internet access in India, Egypt and Saudi Arabia.

"The line in question runs under the Mediterranean, from Palermo in Italy to Alexandria in Egypt. It is not clear what caused the break. The cable is one of only a handful of connections, and part of the world's longest undersea cable, 24,500 miles long, running from Germany, through the Middle East and India before terminating in Australia and Japan... Egyptian officials said that around 70% of the country's online traffic was being blocked, while officials in Mumbai said that more than half of India's internet capacity had been erased, which could have potentially disastrous consequences for the country's burgeoning hi-tech industry. 'There has been a 50% to 60% cut in bandwidth,' Rajesh Charia, president of the Internet Service Providers' Association of India told Reuters."

According to the report, the outage will take several days to fix, and could have a drastic impact on communications, businesses and the hi-tech industry as well as banks and stock market trading around the region and across the globe.

More details on the digital blackout here.

Thursday, January 31, 2008 11:43:09 AM (W. Europe Standard Time, UTC+01:00)

Nnamdi Chizuba Anisiobi, age 31, of Nigeria; Anthony Friday Ehis, age 34, of Senegal; and Kesandu Egwuonwu, age 35, of Nigeria have pleaded guilty to charges related to spam e-mail that promised U.S. victims millions of dollars from an estate and a lottery, the U.S. Department of Justice announced Wednesday. The three were arrested in Amsterdam on Feb. 21, 2006. One of the case scenarios was an e-mail sent by the defendants to thousands of potential victims purporting to be from an individual suffering from terminal throat cancer who needed assistance distributing approximately US$55 million to charity. According to the DOJ, the fraud victims lost $1.2 million by giving the defendants advance fees. "Anisiobi pled guilty to one count of conspiracy, eight counts of wire fraud and one count of mail fraud. Ehis pled guilty to one count of conspiracy and five counts of wire fraud. Egwuonwu pled guilty to one count of conspiracy, three counts of wire fraud and one count of mail fraud. The maximum penalty for mail and wire fraud is 20 years in prison. The conspiracy charge carries a maximum penalty of five years in prison." A fourth defendant, Lenn Nwokeafor, was also reported to have fled to Nigeria. He was subsequently arrested by the Nigerian Economic & Financial Crimes Commission on July 27, 2006, and is now being held by the Nigerian authorities pending extradition to the U.S.

Read the full article on The New York Times.

Thursday, January 31, 2008 9:47:59 AM (W. Europe Standard Time, UTC+01:00)
 Wednesday, January 30, 2008

The Wall Street Journal recently reported on President Bush's move to improve protection against cyberattacks. Despite the promise of a frugal budget proposal next month, an estimated $6 billion has been allocated to build a secretive system protecting U.S. communication networks from attacks by terrorists, spies and hackers. "Administration officials and lawmakers say that the prospect of cyberterrorists hacking into a nuclear-power plant or paralyzing Wall Street is becoming possible, and that the U.S. isn't prepared. This is 'one area where we have significant work to do,' Homeland Security Secretary Michael Chertoff said in a recent interview."

Read the full article on the Wall Street Journal.

Wednesday, January 30, 2008 9:24:31 AM (W. Europe Standard Time, UTC+01:00)
 Monday, January 28, 2008

Net-Security.org recently interviewed Nitesh Dhanjani and Billy Rios, well-known security researchers who have recently managed to infiltrate the phishing underground. The interview gives readers a rundown on how Dhanjani and Rios saw an extraordinary amount of sensitive customer account information, obtained the latest phishing kits, located and examined the tools used by phishers, trolled sites buying and selling identities, and even social engineered a few scammers. In the interview they also expose the tactics and tools that phishers use, illustrate what happens when your confidential information gets stolen, and discuss how phishers communicate and how they phish each other.

Read the full interview here.

Monday, January 28, 2008 1:07:00 PM (W. Europe Standard Time, UTC+01:00)

Speech recognition technology has been developing at an accelerating pace and is now making its way to the mass market. Among the companies providing speech recognition technology is Vlingo Corporation. "Vlingo’s service lets people talk naturally, rather than making them use a limited number of set phrases. Dave Grannan, the company’s chief executive, demonstrated the Vlingo Find application by asking his phone for a song by Mississippi John Hurt (try typing that with your thumbs), for the location of a local bakery and for a Web search for a consumer product. It was all fast and efficient. Vlingo is designed to adapt to the voice of its primary user, but I was also able to use Mr. Grannan’s phone to find an address. The Find application is in the beta test phase at AT&T and Sprint." Other companies offering speech recognition technology to their customers include Nuance, with its Nuance Voice Control system released last August, and Microsoft, with its purchase of TellMe Networks last March. According to Opus Research, speech recognition reached a $1.6 billion market in 2007, and they further predict an annual growth rate of 14.5 percent over the next three years. "Dan Miller, an analyst at Opus, said that companies that have licensed speech recognition technology would probably see faster revenue growth, as more consumers used the technology."

Speech recognition technology has also been available on personal computers since 2001 in applications like Microsoft Office but with a weaker following. It is also already used in high-end G.P.S. systems and luxury cars from Cadillac and Lexus, and is now spreading to less expensive systems and cars. The speech technology chief at I.B.M. Research, David Nahamoo, adds that the company has an automotive customer testing speech recognition to help drivers find songs quickly while driving. SimulScribe, on the other hand, uses speech recognition to convert voice mail into e-mail.

More on this article on The New York Times.

Monday, January 28, 2008 11:15:19 AM (W. Europe Standard Time, UTC+01:00)

According to security experts at Sophos, 6,000 new infected webpages are discovered every day, 83 per cent of which belong to innocent companies and individuals that are unaware of their sites being compromised. Sophos further reports that the well-known iFrame vulnerability in Internet Explorer remained the preferred vector for malware attacks throughout last year, with China (51.4 per cent) and the US (23.4 per cent) leading in the net security firm's list of malware-hosting countries. According to PandaLabs, "around half a million computers are infected by bots every day... [and] approximately 11 percent of computers worldwide have become a part of criminal botnets, which are responsible for 85 percent of all spam sent."

Read the full article on The Register.
Read relevant article on Slashdot.

Monday, January 28, 2008 9:55:20 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, January 24, 2008

E360 Insight, LLC filed a complaint against Comcast Corporation on 15 January 2008 accusing the latter of unfairly blocking e360’s e-mail from reaching subscribers. According to e360, in one typical instance, e360 received an error message stating that its e-mail was blocked from reaching subscribers because Comcast’s filters determined that e-mail from e360’s servers had been "sent in patterns which are characteristic of spam." According to Direct magazine's report, "the complaint claims that Comcast’s alleged interference with e360’s business relationships cost the firm $4.5 million a year from 2005 through 2007. The complaint also accuses Comcast of sending e360 bogus bounce information, causing the marketer to remove e-mail addresses from its file that were still active. The suit claims the false bounce information cost it almost $2.5 million." E360 asks for more than $12 million in compensatory damages and $9 million in punitive damages from the accused.

Read the full complaint here.

Thursday, January 24, 2008 9:39:48 AM (W. Europe Standard Time, UTC+01:00)
 Tuesday, January 22, 2008

The past week marks the one-year anniversary of the emergence of the spam-enabling Storm worm, a tenacious strain of malicious software that probably speaks more about the future of online crime than almost any other malware family circulating online today. A chronological account from security firm Trend Micro visually sums up Storm's evolution. Dmitri Alperovitch, director of Secure Computing, said federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that U.S. authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside. 

Alperovitch believes the majority of Storm worm victims are Microsoft Windows users who for whatever reason have ignored the best advice of security professionals by not running anti-virus software and/or regularly applying software security updates. Indeed, the infection statistics seem to support that analysis. According to Vincent Gullotto, head of Microsoft's security research and response team, Microsoft's "malicious software removal tool" -- shipped as part of its monthly patch updates -- has removed an average of 200,000 versions of the Storm worm from Windows systems each month since November, when the software giant first started shipping removal routines for Storm.

According to Trend, nearly 12,000 pieces of Storm-connected malware were unleashed online over the past year (this includes the Trojan that drops the payload, the Storm worm itself, as well as regular -- sometimes hourly -- updates pushed out to infected machines to stay a step ahead of any anti-virus software installed on the host system.) As big as Storm got this past year, Symantec's numbers help put things in a bit more perspective. Storm-related malware made up slightly more than one-quarter of one percent of all potential malicious code infections in 2007, Symantec said.

Read the full article on the Washington Post.

Tuesday, January 22, 2008 12:29:53 PM (W. Europe Standard Time, UTC+01:00)

Romanian artist Alex Dragulescu, a research assistant at the Massachusetts Institute of Technology's Sociable Media Group, puts a face to threats such as Storm and Netsky. "Dragulescu created his so-called 'threat art' in conjunction with live malware intercepted by e-mail security firm MessageLabs. Each is disassembled into a dump of binary code and then run through a program Dragulescu wrote. That program spends a few hours crunching through all the data, looking for patterns in the code that will determine the shape, color and complexity of each piece of threat art."

According to the Washington Post's article, the configuration of these created organisms is driven largely by the botnets' actions. Dragulescu explains that if there is a repeated attempt to write to a system memory address, a particular Windows API call that tries to write to a file or [blast out e-mail], for instance, the program tracks that and looks for the prevalence, number and behavior of those occurrences. 

Dragulescu's other threat art includes his "spam architecture" and his "spam plants," the latter of which take their form from rules that look at the ASCII values (computer code that represents the English alphabet) of each spam sample.

For more of Dragulescu's images, check out his Web site and the MessageLabs threat art page.
Read the full article on the Washington Post.

Tuesday, January 22, 2008 12:14:37 PM (W. Europe Standard Time, UTC+01:00)
 Monday, January 21, 2008

Information Week reports that the CIA admitted on Friday at a New Orleans security conference that cyberattacks have caused at least one power outage affecting multiple cities outside the United States. According to Alan Paller, director of research at the SANS Institute, CIA senior analyst Tom Donahue confirmed that online attackers had caused at least one blackout. Information about which foreign cities were affected by the outage and other information related to the attack were not disclosed. According to Paller, a written statement from Donahue read, "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

The conference was on sharing data about cyberattacks on critical utilities and resources, and methods of attack mitigation. Discussions also included the new SCADA (Supervisory Control And Data Acquisition) and Control Systems Survival Kit, a document of best practices for SCADA systems.

Read the full article here.

Monday, January 21, 2008 2:06:15 PM (W. Europe Standard Time, UTC+01:00)
 Friday, January 18, 2008

FCW.com reports that "foreign hackers, primarily from Russia and China, are increasingly seeking to steal Americans’ health care records, according to a Department of Homeland Security analyst." Two cases of intrusions into health care systems' servers were recorded in the past year, which alarmed security officials. In early 2007, a Centers for Disease Control and Prevention Web site was infected with a virus, and in April, a Military Health System server holding Tricare records was hacked. Mark Walker, who works in DHS’ Critical Infrastructure Protection Division, said the hackers are seeking to exfiltrate health care data, probably for espionage. DHS is increasing its analysis staff to monitor threats in several industries, including health care, and will be issuing more alerts about cyberthreats to health care data, he said. He added that DHS wants to build a database of health information system intrusions so it can better analyze the threats and develop countermeasures.

More on this report here.

Friday, January 18, 2008 11:49:15 AM (W. Europe Standard Time, UTC+01:00)

A growing concern among security companies as well as the public this year is the burgeoning market for a "protection racket." The computer security industry was said to have deteriorated from one sharing everything about newly discovered weaknesses to one in which some are involved in a protection racket. Researchers such as Paul Henry, vice-president of technology at Secure Computing, describe this trend as "a move by a small minority of security companies now paying hackers for exclusive access to newly discovered vulnerabilities. This ensures their customers are protected while the software vendor works out a solution and rolls out a patch, a process that can take weeks." This worries security experts because hackers are now being given a so-called legitimate route for selling vulnerabilities to a single company, which then protects its own. "They don't have to run the risk of going to jail any more by actually using a vulnerability, they can just threaten you with it and they get paid. It's extortion," says Henry.

Security researchers are said to be drawn to this new practice due to bad treatment from well-known software companies. Henry explains that "there have been cases where people reporting vulnerabilities to software companies have been treated terribly and threatened with legal action because the vendors just don't want to look stupid. Security researchers that have found a vulnerability won't get paid by a vendor, and if they think they actually might end up talking to their lawyers and being threatened, then it's hardly surprising they end up selling vulnerabilities to security companies."

Read the full article on The Guardian.

Friday, January 18, 2008 11:33:53 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, January 17, 2008

The UN Department of Economic and Social Affairs recently released the UN e-Government Survey 2008: From e-Government to Connected Governance, which presents an assessment of the new role of the government in enhancing public service delivery, while improving the efficiency and productivity of government processes and systems. It comprises two parts: a section which presents the findings of the UN e-Government Survey 2008 and a section focusing on the ‘how to’ approach to connected governance.

For more information on the survey, visit the Global E-Government Survey 2008 website.
Access the complete survey here.

Thursday, January 17, 2008 9:18:21 AM (W. Europe Standard Time, UTC+01:00)