International Telecommunication Union   ITU
 
 
 Tuesday, April 22, 2008

According to the 2007 annual report of China's Computer Emergency Response Team (CN-CERT), released last week, the greatest threats to the nation's portion of the internet are Trojan horse programs and bot software. Based on CN-CERT's findings, "the number of Chinese Internet addresses with one or more infected systems increased by a factor of 22 in 2007... [and] of 6.23 million bot-infected computers on the Internet, about 3.62 million are in China's address space." The report also reveals that "domain name registration in the nation had almost tripled in the past year, attacks that tampered with legitimate Web sites grew 1.5 times, and malicious drive-by attacks jumped 2.6 times."

The report is currently only available in Chinese.
Read the full article here.

Tuesday, April 22, 2008 2:48:19 PM (W. Europe Standard Time, UTC+01:00)
 Monday, April 21, 2008

Six new standards enabling a more secure ICT environment have been approved by ITU. Experts say that the standards represent an important achievement reflecting the needs of business in establishing risk management strategies and the protection of consumers.

Three ITU-T Recommendations cover a definition of cybersecurity, a standardized way for vendors to supply security updates and guidelines on spyware, while the other three focus on countering the modern-day plague of spam by providing a toolbox of technical measures to help consumers and service providers.

Recommendations on spam are a direct response to a call from the World Telecommunication Standardization Assembly (WTSA), the quadrennial event that defines study areas for ITU-T. Members asked that ITU-T define technical measures to tackle this plague of the digital world following growing global concern at additional costs and loss of revenue to Internet service providers, telecoms operators and business users.

Read the full news article on the ITU-T newslog.

Monday, April 21, 2008 3:08:28 PM (W. Europe Standard Time, UTC+01:00)

Dan Kaminsky, Director of Penetration Testing at IOActive, Inc., gives a presentation on wildcard and NXDOMAIN redirection services. It discusses typosquatting and DNS ad injection, and provides several examples showing how these phishing trends work. In short, it is quite possible for non-existent domains to be created validly on any random server and to be nearly undetectable. Kaminsky concludes that "even small amounts of failed net neutrality can lead to catastrophic side effects on Internet security" and that "even if everything was 100% SSL, if the ISP could require code on the box, they could still bypass the crypto, and alter the content."

Access Dan Kaminsky's full presentation here.

Monday, April 21, 2008 9:15:51 AM (W. Europe Standard Time, UTC+01:00)

On 15 November 2006, a Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on fighting spam, spyware and malicious software was released. "The Commission Communication on a Strategy for a secure Information Society aims at improving the security of network and information at large and invites the private sector to address vulnerabilities in network and information systems that can be exploited to spread spam and malicious software. The Commission Communication on the Review of the EU Regulatory Framework proposes new rules to strengthen security and privacy in the electronic communications sector." This Communication deals with the evolution of spam, and threats such as spyware and malicious software. It also takes stock of efforts made so far to fight these threats and identifies further actions that can be taken, including strengthening Community law, law enforcement, cooperation within and between Member States, political and economic dialogue with third countries, industry initiatives, and R&D activities.

Among the proposed actions in this Communication are:

  1. Member States and competent authorities are called upon to lay down clear lines of responsibility for national agencies involved in fighting spam, ensure effective coordination between competent authorities, involve market players at national level, drawing on their expertise and available information, ensure that adequate resources are made available to enforcement efforts, and subscribe to international cooperation procedures and act on requests for cross border assistance.
  2. Companies are encouraged to ensure that the standard of information for the purchase of software applications is in accordance with data protection law, contractually prohibit illegal use of software in advertisements, and monitor how advertisements reach consumers and follow up on malpractice; e-mail service providers are encouraged to apply a filtering policy which ensures compliance with the recommendation and guidance on e-mail filtering.
  3. The Commission aims to continue efforts in raising awareness and fostering cooperation between stakeholders. It also aims to continue to develop agreements with third countries that include the fight against spam, spyware and malware, introduce new legislative proposals that strengthen the rules in the area of privacy and security in the communications sector, present a policy on cyber crime, involve ENISA expertise in security matters, and support research and development in its FP7 program.

With the accelerating development and spread of spam, spyware and malicious software, "the Commission is using its role as an intermediary to create greater awareness about the need for greater political commitment to fight these threats."

Read the full Communication here.
More on European Union Laws here.

Monday, April 21, 2008 8:30:25 AM (W. Europe Standard Time, UTC+01:00)
 Wednesday, April 16, 2008

A presentation on "e-Environment Opportunities for ITU" has been posted online today on the ITU-D ICT Applications and Cybersecurity Division (CYB) website. The presentation was made by Robert Shaw, head of the ICT Applications and Cybersecurity division, for the ICTs and Climate Change Symposium in Kyoto, Japan on 15-16 April 2008. It discusses definitions, the ITU report on "ICTs for e-Environment", background and objectives, environmental issues, trends of ICTs for environment, the effects of ICTs, e-Environment and sustainable development, implications for developing countries, and opportunities for ITU. More relevant information is available on the ITU activities on climate change website and on the CYB e-Environment website.

Wednesday, April 16, 2008 8:20:36 AM (W. Europe Standard Time, UTC+01:00)
 Monday, April 14, 2008

As an input to its activities on economics of network and information security (NIS), ENISA has commissioned a study identifying barriers and incentives for NIS. The overarching aim of the report is to analyse the economic impact of NIS, to assess added value and contribution to the smooth functioning of the Internal Market for e-Communication. In February 2008, the report entitled "Security Economics and the Internal Market" by Prof. Ross Anderson, Rainer Böhme, Richard Clayton and Tyler Moore was submitted to ENISA, aiming:

  • To identify existing economic barriers for addressing Network and Information Security (NIS) issues in a single, open and competitive Internal Market for e-Communication;
  • To assess these barriers’ potential impact on the smooth functioning of the Internal Market for e-Communication;
  • To identify and analyse incentives (regulatory, non-regulatory, technical, educational, etc.) for lifting these barriers identified to cause distortion of the smooth functioning of the Internal Market for e-Communication;
  • And to provide a range of recommendations to relevant actors (decision-makers both at EU and national level, industry, academia, etc.) for policy options, possible follow-up actions and initiatives.

The report identifies relevant groups of stakeholders and assesses their role and responsibilities. In addition, the report offers explanatory and where possible causal linkages.

More information on the ENISA website.
Read the full report here.

Monday, April 14, 2008 3:33:46 PM (W. Europe Standard Time, UTC+01:00)

A report by the European Network and Information Security Agency (ENISA) gives an overview of information security certifications of products, people and processes. It addresses common concepts, definitions and certifications of different types, and clarifies the mandatory and legal background for some certifications. It also explores the analogies and disparities between a number of existing certification schemes. Finally, it analyses current trends in certification and offers six recommendations to improve network and information security in Europe through a wider use of security certification.

Recommendations:

  1. ENISA recommends that organisations should certify their information security management systems, choose certified security products where possible and encourage information security employees to choose one or more appropriate personal information security certifications.
  2. Starting from ISO 27001 as the standard of choice for the certification of information security management systems in private and public organisations, the development of the complementary standards of the 27000 family should be encouraged. However, their value must be verified on a case-by-case basis.
    The case of small or medium-sized organisations deserves particular attention.
  3. Special attention should be paid to areas where Common Criteria evaluation has become mandatory, and to the impact on the market.
    The EC should reconsider the feasibility and benefits of extending the intergovernmental Mutual Recognition Agreement on Common Criteria to all Member States as a shared tool contributing to a more secure e-Communication market.
    Government, vendors and security experts should analyse ways of building solid business models for product certification according to various schemes.
    Framework Programme 7 should consider sponsoring research to analyse the economics of the certification of products.
  4. The European Institutions should consider the feasibility of strengthening accreditation schemes related to people certification in IT security as well as a more systematic reference to recognised standards.
    The European Institutions should also encourage the development of people certification adapted to different types of professional use of IT systems, from the end-user level (Computer Driving Licence) to the most professional (e.g. IT security officer).
  5. The European Institutions should consider ways to reinforce bridges between education (schools and universities) and the certification process (private training and certificate providers) throughout a professional career.
  6. At a more individual level, ENISA recommends that the decision to seek a certificate should be based on the following questions: Do I want information security to be my certified profession? Do I want to prove that I can work in information security? Do I want to prove expertise in a very specific area of security? Or do I just want to prove IT skills which include aspects of security?

For more information, please refer to the full report.

Monday, April 14, 2008 1:44:30 PM (W. Europe Standard Time, UTC+01:00)

A presentation by Martin J. Levy of Tier1 Research and Josh Snowhorn of Terremark, "Datacenter Power Trends - NANOG 42 Power Panel", given at the NANOG 42 meeting, discusses colocation centre problems, how these came about, what is expected to happen, and how colo is considered the bottleneck of the Internet. As cited from Gartner Research in 2006, "some organizations are in the unenviable position of paying more to power and cool a rack of servers than they paid for the rack and the servers themselves. Clearly things are moving out of balance." Case studies and possible solutions to these datacenter problems are also included in the presentation.

Read the full presentation here.
More on the NANOG 42 meeting here.

Monday, April 14, 2008 1:16:19 PM (W. Europe Standard Time, UTC+01:00)
 Friday, April 11, 2008

The first ITU Symposium on ICTs and Climate Change (15-16 April in Kyoto, Japan, co-organized and hosted by the Ministry of Internal Affairs and Communications (MIC)) will be available as a webinar so that remote participants can see and hear presentations from wherever they are in the world. Provision will also be made for remote participants to submit comments and questions. Space is limited.

Reserve your seat for

- Day 1 at https://www2.gotomeeting.com/register/862573173.

- Day 2 at https://www2.gotomeeting.com/register/540961252.

A live audio stream will be provided at: mms://stream.icckyoto.ne.jp/ict/.

Full Programme (times in JST, London -8, New York -13)

ITU Background Paper on ICTs and Climate Change

System requirements

Friday, April 11, 2008 1:29:57 PM (W. Europe Standard Time, UTC+01:00)
 Wednesday, April 09, 2008

In Al Gore's new slideshow on climate change, posted yesterday on TED.com, he presents evidence that climate change may be even worse than scientists were recently predicting, and challenges us to act with a sense of "generational mission" - the kind of feeling that brought forth the civil rights movement - to set it right.

Mr. Gore was awarded the Nobel Peace Prize for 2007, along with the Intergovernmental Panel on Climate Change (IPCC), "for their efforts to build up and disseminate greater knowledge about man-made climate change, and to lay the foundations for the measures that are needed to counteract such change."

Wednesday, April 09, 2008 8:28:46 AM (W. Europe Standard Time, UTC+01:00)
 Monday, April 07, 2008

A recent paper by Andrew Odlyzko of the Digital Technology Center at the University of Minnesota discusses “the Internet’s role in aggravating and alleviating the energy crises”. The article points out that, since the days of the horse-drawn coach and the penny post in England, people have believed that travel and communications would be substitutes, i.e. an increase in one would result in a decrease in the other. Nevertheless, history has shown that both travel and communications have grown in parallel with economic growth and have been complementing and stimulating each other. This has happened despite – and even because of – technological developments in each of these two areas.

One could conclude from past experience, therefore, that the Internet – as a new form of communication – would cause a continued increase in travel, leading to ever-greater consumption of energy. The article highlights, however, that there is a key difference between the current situation and the past: the very high and growing price of energy. Because of this unique context, the article concludes that the Internet - and greater broadband deployment - may actually bring about a reduction in energy consumption by helping to reduce the need for travel as well as by bringing about other efficiencies.

To read the full article, click here.

Monday, April 07, 2008 5:17:50 PM (W. Europe Standard Time, UTC+01:00)
 Thursday, April 03, 2008

A report by the UK media regulator, Ofcom, has found that 'millions of children are using social networking websites intended for older users.'

Despite the minimum age requirement of between 13 and 14 years set by Bebo, MySpace and Facebook, the report found that more than 25% of UK 8-11 year olds have a social network profile.

The Home Office is due to disclose a set of guidelines for such sites involving best practice, security and privacy on Friday 4th April.

This report by Ofcom showed a "significant difference" in the perception of the risks of using social network sites between parents and children.

James Thickett, director of market research at Ofcom, stated, "While people are aware of the status of their profile, there is a general lack of awareness of the issues attached to them around privacy and safety". He also added, "People put aside concerns about privacy and safety believing they have been taken care of by someone else".

The lack of child protection in such social network sites is further demonstrated by the following Ofcom figures:

  • 41% of children allowed their profile to be viewed by anyone
  • 16% of parents did not know if their child's profile could be seen by strangers

The vulnerability of children (especially younger ones) to online predators cannot be ignored and Mr Thickett goes on to say,

"Children are using these sites with a far lower awareness of some of the issues and rules that these sites entail".

Ofcom plans to monitor and review the new guidelines agreed by social networks and the Home Office.

Dr Rachel O'Connell, Bebo chief safety officer, said, "We're working with the regulatory bodies. It's critical to our business that we adhere to these guidelines".

For more information see BBC and The Guardian.

Thursday, April 03, 2008 10:27:01 AM (W. Europe Standard Time, UTC+01:00)
 Tuesday, April 01, 2008

The impact of human activities on the environment – and on climate change in particular – are issues of growing concern confronting life on Earth. Concurrently, information and communication technologies (ICTs) are being rapidly deployed around the world. Although ICTs require energy resources, they also offer opportunities to monitor, learn about and protect the environment, reduce carbon emissions, and mitigate climate change.

A scoping study on using ICTs for environmental matters was commissioned last year by the ITU's Telecommunication Development Bureau. This ICTs for e-Environment report approaches the issues from a development perspective and is based on consultations with key actors and extensive online research. It documents current activities and initiatives and makes a set of recommendations for strengthening the capacity of developing countries to make beneficial use of ICTs to mitigate and adapt to environmental change, including climate change.

The draft report and an overview presentation are available at ITU's ICT Applications and Cybersecurity Division dealing with e-Environment matters.

For more information about ITU activities relating to climate change, click here.

Tuesday, April 01, 2008 11:30:17 AM (W. Europe Standard Time, UTC+01:00)

The International Telecommunication Union (ITU) issued a press release on the upcoming Symposia on ICTs and Climate Change that aim at reaching a better understanding of the relationship between information and communication technologies (ICTs) and climate change.

The International Symposia on ICTs and Climate Change, featuring high-level experts drawn from industry, government and academia as well as key writers on the topic, will seek to provide guidance to the global ICT sector on how to monitor, mitigate and adapt to climate change. The meetings will take place April 15−16 in Kyoto, Japan, co-organized and hosted by the Ministry of Internal Affairs and Communications (MIC); and 17−18 June 2008 in London, UK, supported and hosted by BT. These events will be available as a webinar so that remote participants can see and hear presentations from wherever they are in the world. Provision will also be made for remote participants to submit comments and questions.

It is estimated that ICTs contribute around 2-2.5 per cent of global greenhouse gas emissions. These percentages are likely to grow as ICTs become more widely available. At the same time ICTs can be a major linchpin in the effort to combat climate change. ICTs have the potential to serve as a potent, cross-cutting tool to limit and ultimately reduce greenhouse gas emissions across economic and social sectors, in particular by the introduction and development of more energy efficient devices, applications and networks, as well as their environmentally sound disposal. ICT can therefore be a key enabler to a low carbon economy while also promoting growth.

In December 2007, ITU representatives made a statement at the UN Conference on Climate Change in Bali, Indonesia, illustrating how ICTs are both a cause and a potential cure for climate change. UN Secretary-General, Ban Ki-moon previously underlined ITU’s role in meeting one of the most important challenges facing mankind. "ITU is one of the very important stakeholders in the area of climate change," he said. Dr Hamadoun I. Touré, ITU Secretary-General, said, "Unequivocal and authoritative scientific evidence, recent climate events and an increased public awareness have elevated climate change to the highest rungs of the political agenda — globally, regionally and at national levels. Climate change is a concern for all of humanity and requires efforts on the part of all sectors of society, including the ICT sector. ITU is committed to achieving climate neutrality and to working with our membership to promote the use of ICTs as an effective tool to combat climate change."

For more information on all ITU activities related to climate change, including e-environment, click here.

Tuesday, April 01, 2008 11:01:00 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, March 27, 2008

The Guardian newspaper reports that the first UK national strategy for child Internet safety (which includes a streamlined system for classifying computer games and codes of practice for social networking sites) will be set out today, 27th March 2008.

This comprehensive and detailed report, carried out by child psychologist Dr Tanya Byron, showed that parents are worried about online predators and children are worried by cyber bullying.

One of her proposals includes new codes of practice to regulate social networking sites, such as Bebo and Facebook, and standards on privacy and harmful content.

Dr Byron states that these social networking sites should be asked to agree on codes of practice on harmful content and calls for an independent body to evaluate whether the site is meeting such standards.

She is planning to say that the online explosion has rendered parents as "...the Internet immigrants" and children as "...the Internet natives..", leaving parents lagging behind as a result of the fast pace of technology.

Dr Byron is reported to have said yesterday, "Ironically parents' concerns about risk and safety of their children in the streets and outside has driven a generation of children indoors, where it could be argued they are being exposed to a whole new set of risks".

Surprisingly, the British Board of Film Classification system fails to provide any indication about the actual content of computer games or to explain their age rating.

Full article here.

Thursday, March 27, 2008 8:29:12 AM (W. Europe Standard Time, UTC+01:00)
 Wednesday, March 26, 2008

The UK government is pledging action to protect teachers from bullying through mobile phones and the Internet.

During the NASUWT Annual Conference 24-27 March 2008, Secretary of State for Children, Schools and Families, Ed Balls, is expected to address union members declaring that the cyber bullying of teachers should be regarded as a "serious disciplinary offence".

A "cyber bullying taskforce" for England will be responsible for preventing teachers from being targeted by pupils.

Leaders of NASUWT (the largest UK-wide teachers' union) want mobile phones classified as "potentially offensive weapons" as well as a ban on online allegations. Until now the government taskforce has focused on the effects of cyber bullying on children, but with the increasing numbers of teachers being harassed online, the situation for teachers can no longer be ignored.

The cyber bullying taskforce includes representatives from anti-bullying and children's charities, the Internet industry and teachers' groups.

The general secretary of NASUWT, Chris Keates, stated, "I am pleased the government accepts that we need strong policies in schools which focus on teachers. Increasingly, teachers' lives are being destroyed by what pupils are doing" and added, "pupils who once had to content themselves with exhibiting poor behaviour when face to face with the teacher, now increasingly use technology to support their indiscipline. Relying on industry self-regulation to resolve this problem is the equivalent of waiting for hell to freeze over".

Read full article at BBC website.

Wednesday, March 26, 2008 8:17:23 AM (W. Europe Standard Time, UTC+01:00)
 Tuesday, March 25, 2008

Another "security lapse" has allowed unauthorised access to personal photos posted on Facebook. What makes this situation all the more worrying is that it happened after a recent upgrade to the website's privacy controls.

This incident was verified by the Associated Press after they were alerted by computer technician, Byron Ng.

Facebook spokeswoman, Brandee Barker stated, "We take privacy very seriously and continue to make enhancements to the site".

This latest lapse is yet another warning about the dangers of sharing photographs and personal information online, even when such websites attempt to assure their members that their information cannot be accessed by everyone.

Even after such warnings, increasing numbers of teenagers and young adults are still publishing personal details on the Internet.

MySpace.com, the only online social network larger than Facebook, also experienced a similar security lapse last year.

Full story at CNN website.

Tuesday, March 25, 2008 4:37:27 PM (W. Europe Standard Time, UTC+01:00)

A blog entry by Jessica Hupp at VirtualHosting.com addresses the environmental impact of web development and of the use of computer equipment in general.

It provides a sample collection of environmentally friendly applications, tools, networks and directories, web hosting services, and others. The list mentions tools and resources concerning information and communication technology infrastructure, hardware, software, and so on.

For more information, click here.

Tuesday, March 25, 2008 4:17:31 PM (W. Europe Standard Time, UTC+01:00)

Reuters recently reported on cyber warfare, from the Cold War Soviet oil pipeline explosion to the current information security situation. "The pipeline explosion was probably the first major salvo in what has since become known as cyber warfare. The incident has been cropping up in increasingly urgent discussions in the U.S. on how to cope with attacks on military and civilian computer networks and control systems - and how and when to strike back. Air traffic control, power plants, Wall Street trading systems, banks, traffic lights and emergency responder communications could all be targets of attacks that could bring the U.S. to its knees."

According to Director of National Intelligence Michael McConnell's testimony to a Senate committee, "[the US] information infrastructure - including the Internet, telecommunications networks, computer systems and embedded processors and controllers in critical industries - increasingly is being targeted... by a growing array of state and non-state adversaries." The Pentagon adds that it detects three million attempts to infiltrate its computer networks every day. According to a report of the US Government Accountability Office, an audit of 24 government agencies, including Defense and Homeland Security, showed that "poor information security is a widespread problem with potentially devastating consequences", a problem that inevitably involves civilians, since private companies own more than 80 percent of the infrastructure.

"Unlike traditional defense categories (i.e. land, sea and air), the military capabilities required to respond to an attack on U.S. infrastructure will necessarily involve infrastructure owned and operated by the private sector," according to Jody R. Westby, CEO of Global Cyber Risk and a champion of better public-private coordination to cope with cyber attacks.

The article further discusses the importance of public-private coordination and the power of botnets in this warfare. A scenario of the extent of the damage and of how cyber warfare may unfold is also drawn from an interview with Westby.

Read the full article here.

Tuesday, March 25, 2008 2:15:58 PM (W. Europe Standard Time, UTC+01:00)
 Wednesday, March 19, 2008

An unexplained "security breach" at the US supermarket chain, Hannaford Bros., resulted in 1800 reported (to date) cases of fraud after about 4.2 million unique card numbers were exposed. This is reported to be one of the largest data breaches ever.

Although the supermarket chain is said to have become aware of the breach on February 27, 2008, investigators report that it actually began on December 7, 2007 and Hannaford Bros. vice president of marketing, Carol Eleazer stated that, "it wasn't contained until 10 March, 2008".

The company's president and CEO, Ronald C. Hodge, stated, "We have taken aggressive steps to augment our network security capabilities. Hannaford doesn't collect, know or keep any personally identifiable customer information from transactions".

The US Secret Service, whose duties include investigating electronic crimes such as data breaches, confirmed that they are investigating this case.

Beth Givens, director of Privacy Rights Clearinghouse, said that debit card holders involved in this incident were most at risk of fraud. Banks generally cover costs from fraudulent charges on credit cards, but it might prove more difficult to prove fraud once a criminal has cleared out an individual's bank account.

Visa and MasterCard state in their contracts with retailers that they do not divulge the source when a data breach occurs. Such a law does nothing to help either the customer or the retailer in these situations.

Following criticism of the delay in notifying the public about this breach, Carol Eleazer said, "We moved with all deliberate speed to get out to customers with information that we could have confidence in..."

Read full article at CNN website.

Wednesday, March 19, 2008 4:30:52 PM (W. Europe Standard Time, UTC+01:00)
 Tuesday, March 18, 2008

Once again parents in the UK are being warned by teachers about the possible dangers to children from Internet and mobile phone misuse.

A survey of the Association of Teachers and Lecturers' members reports that more than half are aware of pupils being "cyber bullied" and 16% have been victims themselves.

Dr Mary Bousted, General Secretary of the Association of Teachers and Lecturers calls for more serious consequences and policies which might deter such behaviours. She then went on to suggest that as most cyber bullying takes place outside school hours, it might be difficult for teaching staff to take action.

What about the parental role? With parents complaining that their young children are watching pornography in the school playground on their mobile phones, it seems that the call to engage parent-teacher dialogue is not before time.

Unfortunately the situation is more complex, as Dr Bousted points out the difficulty in punishing children for such behaviours without the complete support of the parents, adding, "...it's not just students who can behave inappropriately through the Internet, it's parents as well".

Read full article at BBC website.

Tuesday, March 18, 2008 9:57:03 AM (W. Europe Standard Time, UTC+01:00)