WISH YOU A HAPPY AND SECURE YEAR 2009

Friday, December 26, 2008

Quote of the day

Quote of the day


Silence is one of the hardest argument to refute.

New IT Term of the day

New IT Term of the day


SURBL


Short for Spam URI Real-time Block Lists, it is used to detect spam based on message body URIs (usually Web sites). SURBLs are not used to block spam senders. Instead they allow you to block messages that have spam hosts that are mentioned in message bodies. In order to use SURBL you need software that can parse URIs in message bodies, extract their hosts, and check those against a SURBL list.

Kiwis nail a Mr Big of the spam world

INDICTED : Kiwis nail a Mr Big of the spam world

smh.com.au

December 22, 2008

http://www.smh.com.au/news/technology/security/kiwis-nail-big-time-spammer/2008/12/22/1229794316883.html

A New Zealand man living in Australia has agreed to pay fines totalling $92,715 after admitting his role in an international spam email operation said to be responsible for sending out billions of unsolicited emails in recent years.

Lance Atkinson, 26, of Pelican Waters in Queensland, is also facing charges in the US where a court has frozen his assets at the request of the US Federal Trade Commission (FTC), which also succeeded in having the spam network shut down.

New Zealand's Internal Affairs' Anti-Spam Compliance Unit found Lance Atkinson's operation responsible for more than 2 million unsolicited electronic messages that were sent to New Zealand computers between 5 September 2007 and 31 December 2007.

These emails marketed Herbal King, Elite Herbal and Express Herbal branded pharmaceutical products, manufactured and shipped by Tulip Lab of India.

The Department of Internal Affairs said in a statement released today that Atkinson had sought settlement of the New Zealand charges soon after the announced court proceedings against him in October.

Two other defendants, his brother Shane Atkinson, and Roland Smits, of Christchurch, are contesting the claim and have filed statements of defence.

In handing down her decision in a judgment on Friday, Justice Christine French of the High Court in Christchurch said that the spamming operation was said to be one of the largest in the history of the internet and its impact on New Zealand was therefore proportionately large.

The judge gave Lance Atkinson a substantial discount on the originally prescribed fine because of his co-operation and candour with authorities at an early stage.

Atkinson's Australian-registered company, Inet Ventures, is one of four companies targeted by the FTC over the operation, which encouraged people to click through to websites that allegedly used false claims to peddle prescription drugs, as well as "male enhancement" and weight-loss pills.

The only other defendant named by the FTC is Jody Smith of Texas.

The FTC said Atkinson and Smith allegedly controlled a "botnet" of 35,000 computers, capable of sending 10 billion email messages a day.

The non-profit antispam research group SpamHaus said the network - which has ties to Australia, New Zealand, India, China and the United States - was the largest spam operation in the world and at one point was responsible for one-third of all spam.

Atkinson and another business partner were previously fined $US2.2 million by the FTC in 2005 for running a similar spam network that marketed herbal products.

The FTC received more than 3 million complaints about the spam and related websites, illustrating the scale of the operation, officials said.

China consider tough penalties on hackers

CHINA : China consider tough penalties on hackers

www.chinaview.cn

2008-12-22

http://news.xinhuanet.com/english/2008-12/22/content_10544179.htm

BEIJING, Dec. 22 (Xinhua) -- Computer hackers could meet tough penalties under a draft amendment of the criminal law being debated by China's top legislature.

The draft amendment under review by the Standing Committee of the National People's Congress (NPC) would impose steep fines and prison sentences of three-to-seven years, depending on the severity of the offense.

The existing criminal law only imposes penalties on hackers who break into government, military and scientific research institutes' computer systems.

"The articles in the draft amendment filled in the blank of the existing law by expanding the definition of the offended," said Prof. Yu Gang, with the College of Criminal Justice under China University of Political Science and Law.

Under the current criminal law, most hackers would not be charged for breaking into a bank or business's computer system, he said.

He Changchun, 71, who runs a digital photo printing service in northeastern Liaoning Province, was hacked by a rival two years ago. Thousands of photos his clients sent to him disappeared.

His rival, who goes by the name Shang, stole the password to online chatting software used by He and his employees to contact clients and receive their photos. These photos were kept in a rented FTP server.

Shang was able to use the password to destroy photos on the server.

In December this year, a court convicted Shang for "malfeasance competition" instead of hacking.

This kind of sabotage becomes more common as China's Internet users continue to grow in number. China recorded the world's most users at 290 million in November.

The notorious computer virus "Xiongmao Shaoxiang", or "Panda burning joss stick," infected millions of computers from November 2006 to March 2007.

The virus, with a signature flash image of a panda holding three joss sticks, not only crippled computers, but also stole the account names and passwords of online game players and popular chat sites.

People generally think of hackers as computer geniuses, but 90 percent of them are not, Yu said.

"There are many ready-made hacker tools that make hacking quite easy," he said. "A business of training hackers, making computer viruses, selling them and stealing information, is emerging."

The draft amendment also expands prosecution to those who develop and distribute hacking software. They would face similar penalties as hackers.

The draft did not touch cross-border hacking -- a topic that roused hot discussion among the public.

"The criminal law has clear regulations. Either a crime or the result of a crime happens in China, the case is under our jurisdiction," Yu said.

And, if the suspect is a Chinese citizen, he or she will not be delivered to foreign countries for trial, Yu said.

90% of worldwide e-mail is a spam - Cisco

REPORT : 90% of worldwide e-mail is a spam - Cisco

December 24, 2008

http://www.ecommerce-journal.com/news/12086_90_of_worldwide_e_mail_is_a_spam_warns_cisco_report?drgn=1

As long as cyber crime groups pursuing profiteering through the Internet are improving their skills so as to steal data from businesses, employees and consumers their online attacks are getting more sophisticated and harder to oppose, as noted in the 2008 edition of the Cisco Annual Security Report released this week. In its annual edition Cisco points out to the top security threats of the year providing recommendations on how to protect networks against attacks.

This year the overall number of disclosed vulnerabilities grew 11.5% above 2007. Cisco notes that vulnerabilities in virtualization technology nearly tripled from 35 to 103 on a year-over-year basis. Attacks are becoming increasingly blended, cross-vector and targeted. Threats coming from legitimate domains rose 90% which is nearly double of what was observed a year ago. Meantime, malware infiltrated via e-mail attachments is decreasing in number. Within the period of the last two years the number of attachment-based attacks dropped 50% as compared with the previous two years of 2005 and 2006.

Cisco warned against some specific threats that flooded the web space reporting that the number of spam messages sent daily makes up for 200 billion constituting thus 90% of the worldwide e-mail. While targeted spear-phishing represents about 1 percent of all phishing attacks, it is expected to become more prevalent as criminals personalize spam and make messages appear more credible. The growing danger is also being posed by botnets which are heavily deployed today by cyber criminals. Multiple legitimate web sites were infected this year with IFrames, malicious code injected by botnets that redirect visitors to malware-downloading sites. The use of social engineering to entice victims to open a file or click links continues to grow. More online criminals are using real e-mail accounts with large, legitimate Web mail providers to send spam.


Hackers deface Eastern Rail website

HACKED : Hackers deface Eastern Rail website

Express News Service

Dec 25, 2008

http://www.expressindia.com/story_print.php?storyId=402733

Kolkata Amid growing tension between India and Pakistan, the official website of the Eastern Railway (ER) was hacked and messages were posted claiming that it was done to avenge India’s alleged violation of the Pakistani air space.

On Wednesday morning, the official site of ER — www.easternrailway.gov.in — was found corrupted with a large number of messages put up by the hackers in its scroll section. The scroll which normally consists of official announcements was flooded with notes like “Cyber war has been declared on Indian cyberspace by Whackerz-Pakistan” followed by “Indians hit hard by Zaid Hamid” and “You are hacked.”

On clicking the messages in the scroll, it opened into a new window which claimed that “Mianwalian of Whackerz” have hacked the site in response to the Pakistan air space violation .

When contacted, ER officials seemed to be unaware of the entire incident and the site was not blocked till 11.40 am.

The website, however, started to function normally after 12 noon. “This is a case of SQL injection. An investigation has been ordered and a report will be submitted within 24 hours. Technically, this cannot be called hacking as our database or confidential information could not accessed. We have, however, taken all necessary precautions,” said Samir Goswami, CPRO, ER.

The Railway officials primarily traced the root of injections to Toronto. One official of the ER said that the websites have cyber security certificate from US-based Thawte.

“We have informed the service provider and will likely get responses from them after 24 hours,” said the spokesperson of ER.

Wednesday, December 24, 2008

Quote of the day

Quote of the day


The dream is not what you see in sleep......dream is which does not let you sleep.

Dr. APJ Abdul Kalam

New IT Term of the day

New IT Term of the day


strong password


A password that is difficult to detect by both humans and computer programs, effectively protecting data from unauthorized access. A strong password consists of at least eight characters (and the more characters, the stronger the password) that are a combination of letters, numbers and symbols (@, #, $, %, etc.) if allowed. Passwords are typically case-sensitive, so a strong password contains letters in both uppercase and lowercase. Strong passwords also do not contain words that can be found in a dictionary or parts of the user’s own name.

Software executive sentenced for hacking

JAILED : Software executive sentenced for hacking

By Robert McMillan

IDG News Service

December 23, 2008

http://www.networkworld.com/news/2008/122308-software-executive-sentenced-for.html

The president of a U.S. software company has been sentenced to probation after pleading guilty to stealing password-protected files from a competitor.

Jay E. Leonard, 61, was sentenced to 12 months supervised probation and a US$2,500 fine after pleading guilty to one count of unauthorized access to a protected computer, a misdemeanor charge.

Leonard is the owner of Boulder, Colorado's Platte River Associates, a company that builds software used in petroleum exploration. He illegally accessed a password-protected area of the Web site belonging to his company's competitor Zetaware, according to a plea agreement filed in the U.S. District Court for the District of Colorado.

One week later, he chaired a company staff meeting in which "a tentative plan was discussed to exploit and to unlawfully utilize the downloaded Zetaware files for the economic gain of Platte River Associates," the plea agreement states.

Zetaware CEO Zhiyong He was tipped off to the intrusion by a confidential source, which he then reported to the U.S. Federal Bureau of Investigation (FBI), court filings state. In an interview Monday, he said he is not sure how Leonard was able to access his Web site, but that he believes that he may have been given a password.

He said that one of Leonard's employees may have turned his boss in. He knew Leonard professionally and was "very surprised" by the incident, he said.

Leonard accessed the Zetaware site from a Sprint wireless network at Houston's George Bush Intercontinental Airport, located near Zetaware's headquarters, the plea agreement states.

In a separate case, Platte River Associates is also facing charges of "trading with the enemy," for allegedly allowing its software to be used to evaluate oil and gas development opportunities off the shore of Cuba, which is under a U.S. trade embargo. "The company has expressed an interest in pleading guilty," in that case, although no plea has been accepted by the judge, according to Jeffrey Dorschner, a spokesman for the United States Attorney's office prosecuting the two cases.

Leonard and his attorney did not return calls seeking comment for this story.

Hacker Sticks Company With $43,000 Phone Bill

UNSAFE : Hacker Sticks Company With $43,000 Phone Bill

FoxNews

December 23, 2008

http://www.foxnews.com/story/0,2933,471105,00.html

It's a long way from Manitoba to Bulgaria — and phone calls from one to the other can get really expensive.

That's what one hapless Canadian small-business owner discovered after a hacker broke into his company's voice-mail system and placed hundreds of calls to the Balkan nation, landing him with a $43,000 phone bill.

"If I have to pay that whole bill out of my own pocket, I'm looking at having to lay off one of my employees," Alan Davison, owner of HUB Computer Solutions in Winnipeg, told the Winnipeg Free Press. "It's quite obvious something was right out of whack. There were hundreds of phone calls."

HUB offers its business clients "best-of-breed security products and solutions," among many other networking and hardware-related services, yet all that stood between a hacker and the company's voice-mail system was a four-digit password.

"Some of these people are very, very knowledgeable in the area and over time they are pretty good at running different passwords," a local security expert tells the Free Press.

Once in, the hacker needed to only use the outbound-transfer feature to place calls overseas.

Davison wants a break on the bill from Manitoba Telecom Services, but the phone company says that since HUB owned all its internal phone-networking gear, the small business may be liable for the whole thing.

"I'm not going to dispute this person didn't make these calls, but speaking generally, we're just not in a position to monitor everyone's minute-to-minute billing," said MTS spokesman Greg Burch.

NSA patents a way to spot network snoops

TECH-TRENDS : NSA patents a way to spot network snoops

by Robert McMillan

ITWorld.com

December 21, 2008

http://www.itworld.com/networking/59610/nsa-patents-way-spot-network-snoops

The U.S. National Security Agency has patented a technique for figuring out whether someone is tampering with network communication.

The NSA's software does this by measuring the amount of time the network takes to send different types of data from one computer to another and raising a red flag if something takes too long, according to the patent filing.

Other researchers have looked into this problem in the past and proposed a technique called distance bounding, but the NSA patent takes a different tack, comparing different types of data travelling across the network. "The neat thing about this particular patent is that they look at the differences between the network layers," said Tadayoshi Kohno, an assistant professor of computer science at the University of Washington.

The technique could be used for purposes such as detecting a fake phishing Web site that was intercepting data between users and their legitimate banking sites, he said. "This whole problem space has a lot of potential, [although] I don't know if this is going to be the final solution that people end up using."

IOActive security researcher Dan Kaminsky was less impressed. "Think of it as -- 'if your network gets a little slower, maybe a bad guy has physically inserted a device that is intercepting and retransmitting packets,' " he said via e-mail. "Sure, that's possible. Or perhaps you're routing through a slower path for one of a billion reasons."

Some might think of the secretive NSA, which collects and analyzes foreign communications, as an unlikely source for such research, but the agency also helps the federal government protect its own communications.

The NSA did not answer questions concerning the patent, except to say, via e-mail, that it does make some of its technology available through its Domestic Technology Transfer Program.

The patent, granted Tuesday, was filed with the U.S. Patent and Trademark Office in 2005. It was first reported Thursday on the Cryptome Web site.

World Bank Debarred Satyam for 8 Years

PUNISHMENT : World Bank Debarred Satyam for 8 Years

Tuesday, December 23, 2008

By Richard Behar

http://www.foxnews.com/story/0,2933,470964,00.html

For months, the World Bank has been stonewalling and denying a series of FOX News reports on a variety of in-house scandals, ranging from the hacking of its most sensitive financial data to its own sanctions against suppliers found guilty of wrongdoing.

But last week the world's most important anti-poverty organization suddenly came clean — sort of — in its tough sanctions against a vitally important computer software service supplier that has been linked not only to financial wrongdoing but also to the ultrasensitive data heists.

A top bank official, FOX News has learned, has admitted that a leading India-based information technology vendor named Satyam Computer Services was barred last February from all business at the bank for a period of eight years — and that the ban started in September.

The admission confirms what FOX News reported from its own bank sources on October 10 — a report the World Bank officially disparaged at the time.

The World Bank's revelation of the ban on Satyam comes at a watershed moment for the $2 billion (sales) outsourcing giant, which boasts more than 100 Fortune 500 companies as clients and which trades on the New York Stock Exchange. Last week, India's securities commission announced that it would investigate Satyam.

The move came after the company's founder-chairman suddenly announced the company would spend $1.6 billion to buy two distressed real estate and infrastructure companies that are run and partially owned by his two sons. After Satyam's stocked dropped 55 percent in value, the company reversed course.

The World Bank debarment — the harshest sanction the world's largest anti-poverty agency has imposed on any company since 2004 — was meted out for "improper benefits to bank staff" and "lack of documentation on invoices," according to Robert Van Pulley, the top World Bank information security official.

True to its secretive ways, the bank did not make the admission in public. Instead, Van Pulley made the comments in a meeting and two telephone conversations with officials of the Government Accountability Project (GAP), a 30-year-old whistle-blowing organization based in Washington.

One of the phone conversations was recorded, and FOX News was allowed to listen to the tape after the World Bank backed away from its initial insistence that the conversation remain unreported.

Even so, when asked to comment on the recorded conversation, Van Pulley did not return telephone calls from FOX News. But in a conversation last Thursday with GAP, he conceded the Satyam case had been turned over to the Justice Department in 2006 — as FOX previously reported — as well as to the U.S. Treasury Dept.

It is not known if a case against Satyam or World Bank officials is being pursued by either government agency.

Van Pulley was recently named acting head of information security of the World Bank Group, as part of a management shakeup in the wake of a FOX News series about cyber breaches, corruption and cover-ups at the bank. He is also in charge of the bank's procurement department, where he oversaw the Satyam contract.

From 2003 through 2008, as FOX News reported, the World Bank paid Satyam hundreds of millions of dollars to write and maintain all the software used by the bank throughout its global information network, including its back-office operations. That involved overseeing data that ranges from accounting and personnel records to trust funds administered for many of the world's richest nations.

But at the same time, Satyam was straying badly across the bank's ethical warning lines. In 2005, the bank's chief information officer, Mohamed Muhsin, was ousted after being accused of improperly buying preferential stock options from Satyam, even as he awarded the firm major contracts. A top-secret investigation led to Muhsin being banned permanently from the bank in January 2007. But for reasons that remain unclear, Satyam was allowed to remain in control of the bank's information network until early October 2008.

Van Pulley initially agreed to talk with GAP only off the record after the organization raised questions based on the FOX News reports with World Bank president Robert Zoellick. But GAP international program director Beatrice Edwards, a participant in the talks, objected.

"In this investment climate, there is really very little tolerance for maintaining secrecy about malfeasance at high levels of publicly traded companies," she warned Van Pulley. "And if your own vendors are engaged in bribery of high-level bank officials, and that is secret and off-the-record, that is a problem."

Van Pulley then reversed himself and allowed GAP to make his remarks public — but still refused to provide a written version of his admission. At press time, however, an anonymous World Bank spokesman conceded to FOX News that Satyam was "suspended" in February, declared a "non-responsive vendor" and then "made ineligible to be a bank corporate vendor" until the year 2016.

To date, the World Bank boasts it has banned 343 individuals and companies from doing business with the bank — in many cases permanently. A list of the debarred firms is on the bank's website, but Satyam's name is not included.

In October, Satyam declined to speak with FOX News about anything related to the World Bank, including any ban. But during a press conference several days after the article was published, a Satyam board director and senior executive, Ram Mynampati, denied the company had been banned from future work.

Securities lawyers contacted by FOX News say the debarment by the World Bank — one of Satyam's largest and most important customers — should have been announced by the company to its shareholders immediately and also filed with the U.S. Securities and Exchange Commission.

The World Bank's denials and quiet admissions about its troubled relations with Satyam also refocuses attention on an earlier set of bank denials, after FOX News in October reported that the Satyam-supervised computer network of the World Bank Group had been hacked repeatedly by outsiders for more than a year.

According to FOX News sources, one of the worst breaches apparently occurred last April in the network of the bank's super-sensitive treasury unit, which manages $70 billion in assets for 25 clients — including the central banks of some countries.

Sources told FOX News that bank investigators had discovered that spy software had been covertly installed on workstations inside the bank's Washington headquarters — allegedly by one or more contractors from Satyam. "I want them off the premises now," Zoellick reportedly told his deputies. But at the urging of the bank's then-chief information officer, Satyam employees remained at the bank through early October while it engaged in a "knowledge transfer" with two new contractors.

The bank has vociferously denied that any breaches of its treasury unit took place. And, in his discussion with GAP's officials Thursday, Van Pulley denied that Satyam was behind any of the bank's security breaches. Asked by GAP's Edwards who is responsible for the breaches, Van Pulley stated, "I'm not in a position to tell you," adding that "we're confident" it wasn't Satyam.

Also see -

http://www.thehindubusinessline.com/2008/12/24/stories/2008122452390100.htm

http://timesofindia.indiatimes.com/Business/India_Business/World_Bank_bans_Satyam_for_8_years/articleshow/3882895.cms

10 Basic Tips For the Internet Explorer (IE)

10 Basic Tips For the Internet Explorer (IE)

In order to use the Internet Explorer (IE) effectively, we have some basic tips for you to try… Ok let’s go now.

1. To extend the window area of the IE, you can make it easy by pressing the F11 key. Then you press it again in order to return the IE to the normal window.

2. Sometimes you want to search a keyword in a long web page that you are surfing. How do you do ?? Just press Ctrl+F and place the keyword you want.

3. Using Backspace key in your keyboard instead of clicking Back in the IE window.

4. You can close your IE window that you are surfing by Ctrl+W.

5. To see the surfing websites history, Press F4 key to see the URL which you have typed.

6. Press Ctrl+D in order to save the url which you are surfing. And the url will be in the Favorites.

7. To send a web page to your friend. Do you know we can send it by email from the IE’s tools ? Let you try it, go to File > Send > Page by E-mail...

8. To slide the web page by using the keyboard, try it with the arrow keys. To slide it to the bottom and the top of the web page, try the End and Home key.

9. If you find a picture that you prefer it to be the desktop wallpaper, you can immediately set it, right click on the picture area and select the Set as wallpaper.

10. To slide the web page gradually, you may use the Page up, Page down and Spacebar keys. Try it !

Monday, December 22, 2008

Quote of the day

Quote of the day


Something which we think is impossible now will not be impossible in another decade.

New IT Term of the day

New IT Term of the day


steganography


The art and science of hiding information by embedding messages within other, seemingly harmless messages. Steganography works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML, or even floppy disks ) with bits of different, invisible information. This hidden information can be plain text, cipher text, or even images.

Steganography sometimes is used when encryption is not permitted. Or, more commonly, steganography is used to supplement encryption. An encrypted file may still hide information using steganography, so even if the encrypted file is deciphered, the hidden message is not seen.

Special software is needed for steganography, and there are freeware versions available at any good download site.

Steganography (literally meaning covered writing) dates back to ancient Greece, where common practices consisted of etching messages in wooden tablets and covering them with wax, and tattooing a shaved messenger's head, letting his hair grow back, then shaving it again when he arrived at his contact point.

American Express bitten by XSS bugs (again)

RISK : American Express bitten by XSS bugs (again)

Card accounts still naked

By Dan Goodin in San Francisco

20th December 2008

http://www.theregister.co.uk/2008/12/20/american_express_website_bug_redux/

The website for American Express has once again been bitten by security bugs that could expose its considerable base of customers to attacks that steal their login credentials.

The notice comes days after The Register reported Amex unnecessarily put its users at risk by failing to fix a glaring vulnerability more than two weeks after a security research first alerted company employees to the problem. An Amex spokesman later said the hole had been plugged.

It turns out that's not the case. The cross-site scripting (XSS) error that makes it trivial for attackers to steal americanexpress.com user's authentication cookies is alive and kicking. The confusion stems from a mistake made by many application developers who incorrectly assume that the root cause of a vulnerability is closed as soon as a particular exploit no longer works.

"They did not address the problem," said Joshua D. Abraham, a web-security consultant for Boston-based Rapid7. "They addressed an instance of the problem. You want to look at the whole application and say where could similar issues exist?"

At least two separate sources appeared to discover the XSS hole remained open. Researcher Kristian Erik Hermansen brought it to our attention, and crafted this proof of concept that shows how a rogue website could exploit the bug to siphon a person's americanexpress.com cookie, which helps authenticate users after they enter their user ID and password. A few hours later, Moscow-based SecurityLab.ru put out this advisory.

The botched fix appears to be the result of web developers who fixed the problem for HTTP requests based on the get protocol but not the separate post protocol as well.

This bug was first publicly disclosed in April 2007

It came as a separate XSS error on americanexpress.com was brought to our attention. The weakness was publicly disclosed on a security website forum in April 2007, raising questions about the diligence of Amex security employees in sniffing out and fixing vulnerabilities that could be used to defraud the company's customers.

A company spokeswoman said security is a top concern at Amex and said company employees would investigate the two reported vulnerabilities.

We have no reason to doubt the sincerity of her claim that security is important at Amex, but we still can't understand why the company makes it so hard for researchers to report these kind of vulnerabilities. XSS errors typically can be fixed in a matter of minutes. Just think how much better protected customers would be if the company had an email address or section on its website dedicated to vulnerability reports.

U.S. not ready for cyber attack, war game shows

UNSAFE : U.S. not ready for cyber attack, war game shows

Dec 19 2008

Reuters / Yahoo

http://in.news.yahoo.com/137/20081219/750/ttc-u-s-not-ready-for-cyber-attack-war-g.html

The United States is unprepared for a major hostile attack against vital computer networks, government and industry officials said on Thursday after participating in a two-day "cyberwar" simulation.

The game involved 230 representatives of government defense and security agencies, private companies and civil groups. It revealed flaws in leadership, planning, communications and other issues, participants said.

The exercise comes almost a year after President George W. Bush launched a cybersecurity initiative which officials said has helped shore up U.S. computer defenses but still falls short.

"There isn't a response or a game plan," said senior vice president Mark Gerencser of the Booz Allen Hamilton consulting service, which ran the simulation. "There isn't really anybody in charge," he told reporters afterward.

Democratic U.S. Rep. James Langevin of Rhode Island, who chairs the homeland security subcommittee on cybersecurity, said: "We're way behind where we need to be now."

Dire consequences of a successful attack could include failure of banking or national electrical systems, he said.

"This is equivalent in my mind to before Sept. 11 ... we were awakened to the threat on the morning after Sept. 11."

Officials cited attacks by Russia sympathizers on Estonia and Georgia as examples of modern cyberwarfare, and said U.S. businesses and government offices have faced intrusions and attacks.

Billions of dollars must be spent by both government and industry to improve security, said U.S. Rep. Dutch Ruppersberger of Maryland, the Democratic chairman of the intelligence subcommittee on technical intelligence.

The war game simulated a dramatic surge in computer attacks at a time of economic vulnerability, and required participants to find ways to mitigate the attacks -- using real-life knowledge of tactics and procedures where they work.

It was the broadest such exercise in terms of representation across government agencies and industrial sectors, officials said.

Homeland Security Secretary Michael Chertoff, addressing the participants at the end of the exercise, predicted cyberattacks will become a routine warfare tactic to degrade command systems before a traditional attack. That is in addition to threats posed by criminal or terrorist attackers.

International law and military doctrines need to be updated to deal with computer attacks, Chertoff said.

"We know that if someone shoots missiles at us, they're going to get a certain kind of response. What happens if it comes over the Internet?," he said.

Chertoff and Gerencser expressed caution over suggestions earlier this month calling for the appointment of a White House "cybersecurity czar" to oversee efforts. But Ruppersberger disagreed. One person was needed to take charge of efforts and to secure the president's ear, he said.

Ruppersberger said people close to president-elect Barack Obama's transition team have convinced him that Obama understands the importance of bolstering cybersecurity.

Ohio prof develops CCTV people-tracker ware

TREND : Ohio prof develops CCTV people-tracker ware

By Lewis Page

19th December 2008

http://www.theregister.co.uk/2008/12/19/cctv_tracker_ware/

Boffins in Ohio have taken another step towards the global surveillance panopticon of the future, developing software which can autonomously track an individual through a city using CCTV cameras.

James W Davis, associate prof at the Ohio State computer science and engineering department, developed the new spyware with the aid of grad student Karthik Sankaranarayanan.

Davis and Sankaranarayanan's code works by using a pan-tilt-zoom camera to create a panoramic image of its entire field of view, and then linking each ground pixel in the picture to a georeferenced location on a map. This means that when the camera sees a person or vehicle, the computer also knows in terms of map coordinates where it is looking.

That in turn makes it possible for a new camera to be trained on the target as he/she/it passes out of the first one's field of view. In this way, a subject can be followed automatically anywhere that the monitoring computer has CCTV coverage. There's no need for a human operator to manually train cameras around, using up man-hours and sooner or later making a mistake and losing track.

"That's the advantage of linking all the cameras together in one system - you could follow a person's trajectory seamlessly," says Davis.

For now, such camera networks are small and localised. However, the Home Office here in the UK has said it would like to "create an effective cross country strategic CCTV network". Such a network, combined with Davis and Sankaranarayanan's new software, would allow plods or spooks to track people completely hands-off. That said, until facial-recognition software gets a lot better the computers would lose their target as soon as he or she left CCTV coverage.

Not content with his efforts so far, Davis wants to go even further and write code which can pick out people "engaging in nefarious behaviour".

"We are trying to automatically learn what typical activity patterns exist in the monitored area, and then have the system look for atypical patterns that may signal a person of interest," he says.

Such systems are already being trialled, and are known to be more than a bit flaky. The panoramic-map software with its people-tracking abilities seems more promising - from a surveillance operator's point of view, anyway.

Lok Sabha passed Information Technology (Amendment) Bill

LAW : Lok Sabha passed Information Technology (Amendment) Bill

CRPCC Team

22 December 2008

Lok Sabha, Lower House of Indian parliament has passed the Information Technology (Amendment) Bill 2006, today, as per the Synopsis of Business, circulated by Lok Sabha Secretariat.

The bill amends the Information Technology Act 2000 with many major amendments. The bill was introduced in Lok Sabha by Mr. A Raja, Minister of Communication and Information Technology on 15 December 2008 and passed today. Now, the bill will move to Rajya Sabha and then after passing at Rajya Sabha, it will get assent of the President to become the Act. The amended bill will come in force on notification by the central government.

The bill provides more teeth to tackle cyber crimes. It also provides a statuary status to CERT-In.

We will keep you posted on the provisions of new bill, when it will be passes by both houses after considering all amendments and suggestions made by MPs.

Sunday, December 21, 2008

Common Errors in PC & There Solution

Common Errors in PC & There Solution

1. MONITOR LED IS BLINKING
Check all the connections like Monitor Cable, Data cables,RAM, Display Card , CPU connections.
2. CONTINUOS THREE BEEPS
Problem in RAM Connection.
3. THREE BEEPS ( 1 Long 2 Short)
Problem in Display Card Connection
4. THREE LONG BEEPS PERIOD WISE
Problem in BIOS or RAM (Basic Input Output System)
5. CONTINUOS NON-STOP BEEPING
Key Board Problem (I.e.; Some Key is pressed for Longer time)
6. FDD LED IS GLOWING CONTINUOSLY
Data cable to be connected properly (twisted cable).
7. NO DISPLAY ON THE SCREEN AT ALL
Hard Disk cable connected wrongly. Connect rightly seeing the Red mark (Faces power supply) and then Restart.
8. POWER LED IS OFF
a. Check main power cord
b. Check S.M.P.S.
c. Check Mother Board connection
9. SHOWING CMOS ERROR
Replace 3 Volt battery of Mother Board . Set Original Settings Manually.(Refer CMOS Setup chart)
Enter your search termsSubmit search form
10. SHOWING FDD ERROR OR FLOPPY DRIVE IS NOT WORKING PROPERLY
Check Power cord of FDD , Data Cables , set CMOS & Finally the Check drive.
11. SHOWING HDD ERROR OR HARD DISK FAILURE
a. Check Power Cord
b. Check connection of HDD
c. Check Data cable
d. Check Hard Disk parameters in CMOS or Auto detecting Setting Partitions by Fdisk Command, then format it to set track 0.
12. MOTHER BOARD HANGS DUE TO UNSTABILIZED POWER SUPPLY
a. Check S.M.P.S
b. RAM not functioning properly.
c. Software problem (due to using pirated software)
d. CPU fan not functioning properly.
13. DANCING SCREEN
a. Check Display card connection
b. Virus Problem
c. Video Memory Problem
14. SHAKING SCREEN
a. Earthing problem
b. Magnetic waves comes around.
15. CPU CABINET SHOCK
a. Check Earthing
b. Check main power cord.
16. NON-SYSTEM DISK ERROR
a. Floppy Drive having different disk (Non-Bootable Disk) OR CMOS Parameters for Hard Disk may not be set properly.
b. Hard Disk Partitions may not be created.
c. Hard Disk may not be formatted.
7. MISSING OPERATING SYSTEM
The System files missing namely Ie; command.com} - User File IO.SYS & MS_DOS.SYS } - Hidden Files. These above three files required for Start up of the system that can be transferred by using SYS C: Command OR While the time of formatting by using Format c:/u/s
18. MISSING COMMAND INTERPRETOR
May the file Command.com is corrupted OR Infected by Virus OR Some one has Erased it.
19. SHOWING I/O ERROR
a. The type of Hard Disk in CMOS may not be set properly.
b. Operating system used for formatting is not valid
20. SHOWING DIVIDE OVER- FLOW MESSAGE
a. May some Directories or Files crash with other files.
b. Use CHKDSK/F or SCANDISK Command to correct it.

21. HARD DISK MAKING NOISE WHILE PROCESSING
a. Unstabilized power supply.
b. Check for Loose Contact.
c. Do not use Y Connectors for Hard Disk.
d. It may create Bad Sector OR Weak Hard Disk.
22. HARD DISK HANGS WHILE PROCESSING
Check for Bad Sector by using CHKDSK or SCANDISK Command. If found format the Hard Disk and set Partition before that area.(This is the only procedure to use Hard Disk with Bad Sector) OR (To avoid Bad Sectors use Standard Power Supply)
23. HARD DISK NOT DETECTED
a. Check Power Connector
b. Check Data Cables
c. Check Jumpers
24. PARTITION NOT SHOWN
Operating System where the Hard Disk formatted is not supported with present Mother Board. For Eg: Hard Disk formatted with Pentium System will hide their partitions for 486 System.
25. MMX/DLL FILE MISSING
May the above files may be corrupted due to power failure or Virus. Make available above files from other Computer. OR Reinstall Windows 98 Operating System. (This procedure will not make any effect on existing Data).
26. WINDOWS REGISTRY ERROR
This will happen due to sudden ON/OFF of the system. Final solution is to Reinstall Operating System.
27. DISPLAY COLOUR DOES NOT MATCH
a. Configure Display Card properly with their CD.
b. The Standard setting for Windows is set it to 800x600 for better performance.
28. UNKNOWN DEVICE FOUND
May the Driver utility is not provided with operating system . Insert Driver CD and install software for the above Device.

This Day in History

Thanks for your Visit