International Telecommunication Union   ITU
 Friday, May 14, 2010

Researchers at Imperva have discovered an 'experimental' botnet that uses around 300 hijacked web servers to launch high-bandwidth DDoS attacks. The servers are all believed to be open to an unspecified security vulnerability that allows the attacker, who calls him or herself 'Exeman', to infect them with a tiny, 40-line PHP script. This includes a simple GUI from which the attacker can return at a later date to enter the IP, port and duration numbers for the attack that is to be launched. But why servers in the first place? Botnets are built from PCs and rarely involve servers.

According to Imperva's CTO, Amichai Shulman, servers have no antivirus software and offer high upload bandwidth, typically 10-50 times that of a consumer PC.

 

(Source: Networkworld)

Friday, May 14, 2010 5:03:45 PM (W. Europe Standard Time, UTC+01:00)

For all the Twitterers who were fretting about where their followers went earlier today, fear not. They're back. Twitter engineers have corrected a bug that was messing with users' followers on Monday. To fix the problem, Twitter engineers had to reset users' followers/following numbers to zero for a while around midday, according to Twitter's Status update.

"What we really see with social networking is that for any given tool, whether it's Twitter, Facebook or any other site, there is a hard core of very active users who care a lot about any problems, changes, or interruptions. These people are very vocal and opinionated -- passionate, in other words."

 

(Source: ComputerWorld)

Friday, May 14, 2010 4:56:25 PM (W. Europe Standard Time, UTC+01:00)
 Monday, May 10, 2010

With the 2010 FIFA World Cup less than two months away, cybercriminals (as expected) are banking on this prestigious international football event to trick users. TrendLabs spotted the latest threat involving this, and it came in the form of an email message currently being spammed in the wild.

The spam carried a .PDF file attachment which was found to contain details about the lottery the recipient allegedly won. It also instructed the recipient to give out personal information and send it to the contact person or email sender before the prize could be claimed. What was interesting was that the purported sender of the email, one Mrs. Michelle Matins, Executive Vice President, was also the signatory for the 419 scam, aka the Nigeria scam.

 

(Source: Trend Micro)

Monday, May 10, 2010 3:21:12 PM (W. Europe Standard Time, UTC+01:00)

Cybersecurity needs a global rethink, and fast, Dell's CEO Michael Dell and Services CIO, Jim Stikeleather, have warned experts at the EastWest Institute Worldwide Cybersecurity Summit in the US. In separate presentations and briefings, the men developed the theme of piecemeal reactions to the rapid rise of cyber-criminality, which included economic crime and direct threats to critical infrastructure.

Governments haven't done enough and have fallen into the trap of seeing matters in a narrow, national way. Meanwhile, the security industry has been content to sell products without asking whether security was properly embedded into the way products are developed. "Governments and private industry need to work collaboratively to develop the appropriate international framework to secure cyberspace. We should all do this in a way that keeps our global information central nervous system intact and secure," said Michael Dell.

 

(Source: MIS Asia)

Monday, May 10, 2010 10:42:56 AM (W. Europe Standard Time, UTC+01:00)
 Friday, May 07, 2010

As much heat as Facebook has taken recently for its privacy policies and the freedom with which it shares data across the Web and around the world, Facebook is still not the biggest threat to online privacy--you are. A study by Consumer Reports illustrates that users are really their own worst enemy when it comes to online privacy.

Here are some of the key findings of the Consumer Reports survey:

• A projected 1.7 million online households had experienced online identity theft in the past year.
• An estimated 5.4 million online consumers submitted personal information to e-mail (phishing) scammers during the past two years.
• Among adult social network users, 38 percent had posted their full birth date, including year. Forty-five percent of those with children had posted their children's photos. And 8% had posted their own street address.
• An estimated 5.1 million online households had experienced some type of abuse on a social network in the past year, including malware infections, scams, and harassment.

 

(Source: PC World)

Friday, May 07, 2010 1:37:28 PM (W. Europe Standard Time, UTC+01:00)

Cybersecurity experts from around the world meeting on ways to protect the Internet say they still have fears of "nightmare" scenarios in which attacks could cripple critical computer networks. "I live in a world of nightmares," Patrick Pailloux, director general of France's Network and Information Security Agency, told participants in the first Worldwide Cybersecurity Summit which ended on Wednesday. "Each subject is a nightmare: electricity, power grids, transportation, airplanes, water supply, finance, the banking system, the health system," Pailloux said.

Pailloux was among the 400 participants from 40 nations who attended the meeting hosted by the EastWest Institute think tank to come up with ways to protect the world's digital infrastructure from cyber threats. The cybersecurity experts, government officials and business leaders agreed that only global cooperation could protect computer networks under constant attack from ever mutating viruses, worms, spam and a host of other dangers.

 

(Source: AFP)

Friday, May 07, 2010 1:22:57 PM (W. Europe Standard Time, UTC+01:00)
 Tuesday, May 04, 2010

Websites operated by the US Treasury Department are redirecting visitors to websites that attempt to install malware on their PCs, a security researcher warned on Monday. The infection buries an invisible iframe in bep.treas.gov, moneyfactory.gov, and bep.gov that invokes malicious scripts from grepad.com, Roger Thompson, chief research officer of AVG Technologies, told The Register. The code was discovered late Sunday night and was active at time of writing, about 12 hours later.

To cover their tracks, the miscreants behind the compromise tailored it so it attacks only IP addresses that haven't already visited the Treasury websites. That makes it harder for white-hat hackers and law enforcement agents to track the exploit. Indeed, Thompson initially reported that the problem had been fixed until he discovered the sites were merely skipping over laboratory PCs that had already encountered the attack.

 

(Source: The Register)

Tuesday, May 04, 2010 4:23:22 PM (W. Europe Standard Time, UTC+01:00)
 Monday, May 03, 2010

A new international research report commissioned by ACCAN reports on 16 high-speed broadband applications that can provide enormous benefits to people with disabilities. The report was conducted between November 2009 and January 2010 and discusses the uses of broadband applications in Europe, the United States and Japan. The study is also timely with regard to the work being undertaken to establish the National Disability Strategy. Preliminary findings from the study have resulted in input being provided to the Department of Broadband, Communications and the Digital Economy for its involvement in the Inter-Departmental Committee on the National Disability Strategy.

 

(Source: Australian Communications Consumer Action Network)

Monday, May 03, 2010 5:33:51 PM (W. Europe Standard Time, UTC+01:00)

Cisco Systems has embarked on a "take back and recycle" program, to ensure that consumers in Africa do not use phased-out equipment. The program takes used Cisco gear as well as phased-out products that may still be sitting on resellers' shelves. Cisco has already indicated that it is phasing out the Linksys brand, which is common in Africa. "The Computer For Schools Kenya (CFSK) plant can handle large quantities of e-waste in a day; has employed young people and it's important for equipment manufacturers and vendors in the region to work with communities,"

While the Cisco program may save customers the cost of managing and storing excess, outdated, or used ICT equipment, most such equipment on the continent is dumped or sold at low cost -- in some cases the equipment works, making cost-conscious customers consider buying obsolete equipment.

 

(Source: ComputerWorld Kenya)

Monday, May 03, 2010 5:27:53 PM (W. Europe Standard Time, UTC+01:00)
 Friday, April 30, 2010

A new research report on online government from the Pew Research Center’s Internet & American Life Project shows that citizens are searching for information in unprecedented numbers. When they visit sites, they're increasingly making transactions and participating in discussion around policies. Forty-one percent have gone online to get forms, including tax forms, health forms or student aid forms, and 35 percent have researched government documents or statistics. Roughly one-third of all Internet users reported renewing driver's licenses and auto registrations online. In general, the use of government websites for information and transactions is nearly ubiquitous among Internet users, with 82 percent of online adults surveyed reporting one of the two activities.

 

(Source: Pew Research Center)

Friday, April 30, 2010 5:30:08 PM (W. Europe Standard Time, UTC+01:00)

European ministers are considering establishing a new agency that would tie together law enforcement agencies and other entities dedicated to fighting cybercrime. The ministers released a set of goals they'd like to achieve over time. One of those is to gain more ratifications of the Council of Europe's Cybercrime Convention, the only international treaty covering computer crime. The treaty requires countries to adopt cybercrime laws, have contacts available 24 hours a day for fast-breaking investigations and other measures. Another medium-term goal focuses on revocation of domain names and IP (Internet protocol) addresses. The document doesn't spell out exactly the ministers' objectives there, as it is already standard procedure for many ISPs to shut down Web sites linked with bad behavior. The new agency would also be tasked with forging stronger bonds between various law enforcement and other organizations that deal with cybercrime, including Europol, Eurojust, Interpol and others.

 

(Source: ComputerWorld)

Friday, April 30, 2010 5:27:59 PM (W. Europe Standard Time, UTC+01:00)
 Thursday, April 29, 2010

Many of us take the Internet for granted, but what about locations that are too remote or economically impoverished to enjoy the hi-tech benefits of the developed world? The Shadow Chancellor in the UK, George Osborne, illustrated in a recent speech that people in the developing world - even in the poorest of circumstances - do care about having access to technology.

In a visit to a remote village in Rwanda in 2007 he and 40 other Conservative Party volunteers were working on transforming a once derelict orphanage into a school. When it was announced that they were going to fix up the buildings and improve the water supply there were cheers from the villagers, but the loudest shouts were received when it was announced that the school was to be equipped with a computer. Osborne was at first surprised with the reaction - access to a computer is not a fundamental of life. But even villagers in the remotest part of Rwanda knew about computers and the Internet and didn't want their children to be excluded - as they had been - from something that could help lift them out of poverty.

 

(Source: All Africa)

Thursday, April 29, 2010 5:05:52 PM (W. Europe Standard Time, UTC+01:00)

The German government is planning to establish a botnet cleanup helpline for computer users affected by malware infection. ISPs are teaming up with the German Federal Office for Information Security (BSI) to set up an operation geared towards cleansing consumer systems from botnet infestation. ISPs will track down infected machines, before directing users towards a website offering advice and an associated call centre, staffed by around 40.

The project, due to start in 2010, was announced on Tuesday at the German IT summit in Stuttgart. Malware in general, and botnets in particular, are a Windows ecosystem problem. Some bloggers have taken exception to the German plan, and have described it as a state funded subsidy to Microsoft, arguing that the money would be better spent offering advice on how to switch to less virus-infected systems.

 

(Source: The Register)

Thursday, April 29, 2010 4:21:45 PM (W. Europe Standard Time, UTC+01:00)
 Wednesday, April 28, 2010

Attorney General of the Federation (AGF), Mohammed Bello Adoke, has called for the establishment of computer forensic laboratories across the country on either a zonal or state basis. The AGF said that the yet to be established laboratories would be federally funded and managed by a government agency that would be designed to work closely with the military, police, paramilitary, state security service and all state and local law enforcement agencies.

The director, Digital Evidence and Cyber Forensic Institute, Arinze Emeka, said the study of forensic analysis has become more important because of the present state of global technology. "You cannot do anything today without the use of the communication network. Before now, we have been used to the analog way of doing things. Virtually all functions of government in whatever manner they operate through the cyber space," he said.

 

(Source: NGR Guardian News)

Wednesday, April 28, 2010 3:18:49 PM (W. Europe Standard Time, UTC+01:00)

Blippy, a social networking site that allows users to share their purchases and discuss shopping with others, will revamp its security plans and hire a Chief Security Officer after an embarrassing incident in which the site accidentally published a few of its members' credit card numbers on Google.

Blippy Co-founder and CEO Ashvin Kumar said in a blog post this week that the slip-up occurred as a result of a technical oversight back in February that caused raw transaction data to appear within the HTML code on some Blippy pages for about half a day. Kumar said Blippy executives have hammered out a security plan that aims to prevent further security missteps. It includes hiring a Chief Security Officer and associated staff that will focus solely on issues relating to information security. Blippy will also undergo regular 3rd-party infrastructure and application security audits and create a security and privacy center, in addition to other measures included in the plan.

 

(Source: ComputerWorld)

Wednesday, April 28, 2010 3:14:29 PM (W. Europe Standard Time, UTC+01:00)
 Tuesday, April 27, 2010

Four U.S. senators want Facebook to make it easier for its more than 400 million users to protect their privacy as the website develops new outlets to share personal information. It marks the second time in the past three days that Schumer has expressed his misgivings about a series of changes that Facebook announced last week. The new features are designed to unlock more of the data that the online hangout has accumulated about people during its six-year history.

Schumer sent a letter Sunday to the Federal Trade Commission calling for regulators to draw up clearer privacy guidelines for Facebook and other Internet social networks to follow. The political pressure threatens to deter Facebook's efforts to put its stamp on more websites, a goal that could yield more moneymaking opportunities for the privately held company. Facebook's expansion "raises new concerns for users who want to maintain control over their information," the senators wrote in their preliminary draft.

 

(Source: AP)

Tuesday, April 27, 2010 3:13:04 PM (W. Europe Standard Time, UTC+01:00)

This paper presents the findings from the 2nd Global Annual Symposium on DNS Security, Stability and Resiliency, conducted 1-3 February 2010 at Kyoto University in Kyoto, Japan. Program committee members chose to focus this year's conference on the theme of measuring the health of the DNS. As the entire Internet relies daily on the DNS, understanding its health – both at a given instant and as it changes over time – is critical for being able to reasonably predict the DNS's health outlook and to decide whether to take corrective measures.

The Symposium endeavored to analyze the state of understanding DNS health, the key vital signs for the DNS and how the community might approach improving measurement and assessment of DNS health.

 

(Source: ICANN)

Tuesday, April 27, 2010 3:03:47 PM (W. Europe Standard Time, UTC+01:00)
 Monday, April 26, 2010

"A hacker who calls himself Kirllos has obtained and is now offering to sell 1.5 million Facebook IDs at astonishingly low prices — $25 per 1,000 IDs for users with fewer than 10 friends and $45 per 1,000 IDs for users with more than 10 friends. Looking at the numbers, Kirllos has stolen the IDs of one out of every 300 Facebook users. Quoting: 'VeriSign director of cyber intelligence Rick Howard told the New York Times that it appeared close to 700,000 had already been sold. Kirllos would have earned at least $25,000 from the scam. Howard told the newspaper that it was not apparent whether the accounts and passwords were legitimate, but a Russian underground hacking magazine reported it had tested some of Kirllos' previous samples and managed to get into people's accounts.'"

 

(Source: Slashdot)

Monday, April 26, 2010 5:08:54 PM (W. Europe Standard Time, UTC+01:00)

History was made the other evening when the UK's three wannabe prime ministers took centre stage for a TV debate. This was the culmination of weeks of rehearsals, practice runs and body language training. But what if I then tell you that every mobile phone call made by one of the campaign teams preparing for this TV event was secretly recorded and analysed, enabling their rival to understand everything from the campaign strategy through to the likely rebuttal to a particular question? Illegal? Of course. Farfetched? No longer. The past few months have seen the mobile phone industry thrown into turmoil as the computer hacking community has carried out successful attacks against mobile phone call security. I wrote an article about such a hack a while back, but at that point it remained a theory rather than a practical way to listen into mobile phone calls.

 

(Source: IT Director)

Monday, April 26, 2010 5:05:12 PM (W. Europe Standard Time, UTC+01:00)
 Friday, April 23, 2010

Facebook brings families closer together. But as with any medium, Facebook is sometimes abused, occasionally to damaging effect. The Facebook Privacy Settings options let you control who has access to your personal information. The page includes a Block List that prevents contact with the people and e-mail addresses you specify without their knowledge.

The Safety for Parents section of the Safety Center describes what to do if your child views inappropriate content on a Facebook page, how to help a child report abusive conduct, and how to delete an account of a child under the age of 13. Much of the information in this section parrots the entries on the Safety for Teens page, but it does include links to in-depth articles by Common Sense Media on security for teens online.

 

(Source: CNet News)

Friday, April 23, 2010 12:37:25 PM (W. Europe Standard Time, UTC+01:00)

Attackers have begun exploiting a design flaw in Adobe's PDF format to spread the Zeus botnet, only days after the publication of a proof-of-concept exploit for the flaw, according to security researchers.

On Wednesday, researchers at M86 Security said they had discovered emails claiming to originate from Royal Mail with PDF attachments exploiting the flaw. The attachment attempts to run an executable file that installs the Zeus Trojan on a user's system. Zeus attempts to steal banking information by logging a user's keystrokes. It also attempts to make a user's system part of the Zeus botnet.

 

(Source: ZDNet)

Friday, April 23, 2010 12:33:24 PM (W. Europe Standard Time, UTC+01:00)
 Thursday, April 22, 2010

The government is expanding its scholarship program for students in cybersecurity fields. About 108 universities participate in the 9-year-old Scholarship for Service program, which covers up to two years of tuition in exchange for two years of federal service. More schools, including community colleges, will be added in June, White House cybersecurity coordinator Howard Schmidt said Tuesday at the Interagency Resources Management Conference.

The expansion will be announced at the annual Colloquium for Information Systems Security Education — a conference that brings together academic, government and industry cybersecurity professionals — in June in Baltimore, Schmidt said.

 

(Source: Federal Times)

Thursday, April 22, 2010 2:06:47 PM (W. Europe Standard Time, UTC+01:00)

Patients whose medical identities are stolen face serious lingering effects. Fraudulent healthcare events can leave erroneous data in medical records. This erroneous information–like information about tests, diagnoses and procedures–can greatly affect future healthcare and insurance coverage and costs. Patients are often unaware of medical identity theft until a curious bill or a surprising line of questioning by a doctor exposes the issue. Then, the burden of proof is often with the patient and it can be difficult to get the patient’s legitimate medical records cleaned up. The consequences can also be life threatening and can lead to serious medical errors and fatalities.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

 

(Source: Infosec Island)

Thursday, April 22, 2010 2:01:39 PM (W. Europe Standard Time, UTC+01:00)
 Wednesday, April 21, 2010

Google is investigating a growing number of reports that hackers are breaking into legitimate Gmail accounts and then using them to send spam messages. The problem started about a week ago but seems to have escalated over the past few days.

"The Gmail team takes security very seriously and is investigating the reports we've seen in our user forums over the past few days," Google said Tuesday in an e-mailed statement. "We encourage users who suspect their accounts have been compromised to immediately change their passwords and to follow the advice at the following page: http://www.google.com/help/security/." Gmail accounts are often compromised after phishing attempts or via malicious programs, which can seek out and log online credentials from a hacked computer.

 

(Source: ComputerWorld)

Wednesday, April 21, 2010 10:51:29 AM (W. Europe Standard Time, UTC+01:00)

Text messaging rises sharply among teens and is now their most frequent form of communication with friends. 72% of those ages 12-17 now are texters and the average young text user exchanges 1,500 texts per month.

Cell phones are a mixed blessing to American families, bringing safety and connection along with disruption and irritation. Daily text messaging among American teens has shot up in the past 18 months from 38% of teens texting friends daily in February of 2008, to 54% of teens texting daily in September 2009. In fact, text messaging has become the most frequent way that teens reach their friends, surpassing face-to-face meetings, email, instant messaging and voice calling as a daily communications tool. However, cell phone calling is still the preferred mode that teens use to connect with their parents.

 

(Source: Pew Research Center)

Wednesday, April 21, 2010 10:25:36 AM (W. Europe Standard Time, UTC+01:00)
 Tuesday, April 20, 2010

A new type of malware infects PCs using file-share sites and publishes the user's net history on a public website before demanding a fee for its removal. The Japanese trojan virus installs itself on computers using a popular file-share service called Winni, used by up to 200m people. It targets those downloading illegal copies of games in the Hentai genre, an explicit form of anime. Website Yomiuri claims that 5500 people have so far admitted to being infected.

"If you find you are getting pop-ups demanding payments to settle copyright infringement lawsuits, ignore them and use a free online anti-malware scanner immediately to check for malware," said Mr Ferguson.

 

(Source: BBC)

Tuesday, April 20, 2010 10:45:00 AM (W. Europe Standard Time, UTC+01:00)

Police hunting a hacker who had attacked a US school's systems found themselves cornering a "very intelligent" 9 year old instead, it has emerged. When passwords for teachers at Spring Hill Elementary, Virginia, were changed without authorisation the school board initially thought a hacker had broken into the school district's Blackboard system. Police were called in to investigate in mid-March and were quickly able to trace the incident back to a PC at the home of a 9 year-old school student.

The youngster's mother was initially chief suspect in the hack but after speaking to her and her son police came to the surprising conclusion that they were dealing with a 'kindergarten' hacker.

 

(Source: The Register)

Tuesday, April 20, 2010 10:29:05 AM (W. Europe Standard Time, UTC+01:00)