Sunday, August 9, 2009

Quote of the day

Quote of the day

Our real enemies are the people who make us feel so good that we are slowly, but inexorably, pulled down into the quicksand of smugness and self-satisfaction.

Sydney Harris

New IT Term of the day

New IT Term of the day


Short for dark Internet, in file sharing terminology, a darknet is a Internet or private network, where information and content are shared by darknet participants anonymously. Darknets are popular with users who share copy protected files as the service will let users send and receive files anonymously — that is, users cannot be traced, tracked or personally identified. Usually, darknets are not easily accessible via regular Web browsers.

ATTACK : Attackers Took Shots at Wi-Fi Network at Black Hat

ATTACK : Attackers Took Shots at Wi-Fi Network at Black Hat

by Brian Prince

August 4, 2009

It should come as no surprise that at a security conference called 'Black Hat' there would be a fair amount of shenanigans going on over the WLAN network.

According to Aruba Networks, which provided the Wi-Fi network at the conference last month in Las Vegas, attackers were up to their usual tricks. The company tracked and analyzed all attempted attacks throughout the event.

Here is what they found:


Security stats:

  • 9 suspected rogue access points were detected.
  • 175 attempts by a wireless user to access the Aruba mobility controller were blocked by the Aruba firewall.
  • 23 impersonation attacks were detected.
  • 71 non-Blackhat access points were detected.
  • 154 denial-of-service attacks were detected.

In some ways, the numbers were an improvement from 2008; in some ways not. For example, fewer rogue access points were detected this year. On the other hand, there were 130 more denial-of-service attacks detected in 2009. Check out these numbers:


Security stats:

  • Each day there were between 10-15 rogue APs detected (rogue defined as an AP that was advertising the conference SSID of "BlackHat").
  • 49 users attempted to connect to rogue APs and were blocked by RFprotect, which generated 709 shielding actions
  • 362 attempts by a wireless user to access the Aruba mobility controller were blocked by the Aruba firewall.
  • 221 attempts by a wireless user to ARP poison the default gateway were blocked by the Aruba firewall.
  • 140 port scans (nmap or similar) from wireless users to other wireless users were detected and blocked by the Aruba firewall.
  • 57 non-Blackhat APs were detected
  • 24 denial of service attacks were detected. The average duration of each attack was 24 seconds.

The stats are a reminder that whether you are at a security conference or at a local Starbucks, it is best to keep your guard up.

CHINA : Hacker Schools Become Big Business

CHINA : Hacker Schools Become Big Business

By Matthew Harwood



Long known as a prominent source of cyberattacks worldwide, China has seen the emergence of online training schools that teach students the skills necessary to either be a network defender or a cybercriminal.

These "hacker schools," as they're known, are also big business, generating $34.8 million last year, reports China Daily.

Students can enroll in online classes for as little as a few hundred yuan.

While some schools advertise themselves as training the next generation of security experts, many worry a percentage of the students will use their skills to commit various cybercrimes, such as identity theft or stealing trade secrets.

Wang Xianbing—a security consultant for a prominent online hacking school, Hackbase.com—likens the training provided by the Web site to that of the locksmith trade.

"It's like teaching lock picking," he told Beijing Today. "No one can guarantee the student will become a professional locksmith rather than a future thief."

Rather it's up to the individual and his conscience whether to use his knowledge for good or evil, Wang said. Interviewed by China Daily, he said that the company's students are explicitly told not to use their knowledge for illegal activities.

"Lots of hacker schools only teach students how to hack into unprotected computers and steal personal information," said Wang. "They then make a profit by selling users' information."

Imparting such knowledge, even with caveats, runs obvious risks. Last year alone, according to China Daily, hacking cost the Chinese economy approximately $1 billion. Globally, Symantec estimates cybercrime cost firms a total of $1 trillion in 2008, reported CNet.com in January.

But money isn't the only motivation, reports China Daily.

A 25-year-old hacker school student from Shanghai surnamed Wang, said most of his "classmates" simply enroll in hacker school for personal reasons, such as spying on relatives, showing off their computer-savvy skills or taking revenge on a rival's Websites, rather than making money.

Wang described the Catch-22 of teaching a new generation of security experts the tools of the trade: "They have to learn how to attack a Web site before they can learn how to defend it."

Also see -


CONTROL : Malaysia considering internet filter

CONTROL : Malaysia considering internet filter


06 August 2009


MALAYSIA is considering the establishment of an Internet filter, similar to China's abandoned 'Green Dam' project, a source familiar with the process told Reuters on Thursday.

News of the proposal emerged within days of police arresting nearly 600 opposition supporters at a weekend rally denouncing a government that has ruled this Southeast Asian country for 51 years.

A vibrant Internet culture has contributed to political challenges facing the government, which tightly controls mainstream media and has used sedition laws and imprisonment without trial to prosecute a blogger.

'They (the government) are looking to tweak the technical and legal details of implementing this Internet filter, setting the stage for its implementation late this year or next year,' said the source, who declined to be identified.

No one from the government was available for comment.

Malaysia plans to double home Internet penetration to 50 per cent by the end of next year with a new broadband project.

New Information, Communication and Culture Minister Rais Yatim, whose ministry issued the tender, also plans to secure control over the content and monitoring division of Malaysia's Internet regulator, a second source said.

'The minister wants to focus more on enforcement in the coming year,' the source said.

Malaysia, with a population of 27 million, attracted foreign technology companies such as Microsoft Corp and Cisco Systems to invest and guaranteed that the government would not impose controls on the Internet.

Ms Rais said last month that wider broadband access required more regulation.

'With the good comes the bad through the broadband over the Internet,' he said. 'We will introduce certain measures to overcome the bad.'

THREAT : Cyber security threat to India is real

THREAT : Cyber security threat to India is real

Vicky Nanjappa


August 05, 2009


The demand for better methods to enforce cyber security has grown stronger since the November 26 attacks in Mumbai

India has a dedicated organisation, CERT-In -- which operates under the auspices of the department of communication and information technology -- to tackle cyber crimes. However, the agency is not a prosecuting body.

An officer at CERT-In told rediff.com over the telephone from New Delhi that although the agency does not have the legal power to examine cyber crimes, it can probe cases referred to the organisation.

CERT-In, which covers both government and military areas, says the threats relating to cyber security are on the rise. Common targets include critical infrastructure like telecommunication, transportation, energy and finance.

The attackers are not confined to information infrastructures and geographical boundaries. They exploit network interconnections and navigate easily through the infrastructure. More worryingly, these cyber criminals are becoming more skilled at masking their behaviour.

CERT-In consists a group of professionals headed by a director who investigate cases referred to the agency. It submits a report to the police station that has sought the agency's help following which a chargesheet is filed.

Why not a single agency?

Senior police officers say it is difficult to have a single agency looking at such cases.

If a crime is committed in a particular state, it is easier for police officers of that state to probe the case. At present, one police officer adds, no one person has complete charge of cyber security.

Although the Union government drafts all cyber laws and CERT-In assists in investigations, the final call can be taken by the cyber crime wings based in the states.

The only other national agency which can probe cyber crime cases is the Central Bureau of Investigation.

The prosecuting agency

The ministry for communication and information technology governs the system pertaining to cyber security. While the ministry is largely involved in drafting laws, the actual job on the ground is handled by the cyber-crime wings in the states.

The law is clear that a complaint pertaining to a cyber crime or threat can be assigned only to the jurisdictional cyber crime wing in each state. An inspector general of police heads each cyber crime wing; a superintendent of police, inspectors and sub inspectors report to her/him. Only this department can file a chargesheet and prosecute individuals involved in cyber criminal activity.

The inspector general of police reports to the state police chief.

An officer in the Karnataka cyber crime wing said it is often difficult to crack a case as the cell does not have enough IT professionals. In such cases, CERT-In's assistance is sought.

Experts feel the process of investigating a cyber crime is cumbersome under the present set-up. It is difficult to have a national level agency which takes a final call since Indian law clearly states that cases will be probed on a jurisdictional basis for all practical purposes.

R Srikumar, a former Karnataka police chief and chairman of the Cyber Society of India (Karnataka chapter), says that trained personnel could be inducted into cyber crime cells so that the procedure of referring the matter to another agency and then waiting for a report to proceed with the prosecution can be avoided.

Professor Chandrashekar, a forensics expert and a member of the CSI, believes dedicated teams of IT professionals should be appointed by respective state governments to work with the cyber crime wings.

Former CBI Director R Raghavan launched the first cyber society in Tamil Nadu. Professor Chandrashekar explains that the society's role is to train professionals in cracking cyber crimes.

He says the society will sign a Memorandum of Understanding with the National Law School, Bengaluru, to introduce a course in cyber security. The course will issue a certificate to certified cyber crime investigators.

Cyber crime wings in the states could then employ such certified investigators.

Although private security agencies investigate cyber crimes, the Union government has not made full use of their services as is the case in some countries.

Sources say the government may seek the skills of private agencies in select cases, but would prefer to improve official cyber crime wings since such cases often involve national security.

Sunday, July 26, 2009

Quote for the Day

Quote of the day

Happiness must be cultivated. It is like character. It is not a thing to be safely let alone for a moment, or it will run to weeds.

Elizabeth Stuart Phelps

(1844-1911, Writer)

New IT Term of the day

New IT Term of the day


A type of blog that lets users publish short text updates. Bloggers can usually use a number of service for the updates including instant messaging, e-mail, or Twitter. The posts are called microposts, while the act of using these services to update your blog is called microblogging. Social networking sites, like Facebook, also use a microblogging feature in profiles. On Facebook this is called "Status Updates".

BEWARE : Repair Shops Hack Your Laptops

BEWARE : Repair Shops Hack Your Laptops

July 22, 2009

Mark White, home affairs correspondent


Some computer repair shops are illegally accessing personal data on customers' hard drives - and even trying to hack their bank accounts, a Sky News investigation has found.

In one case, passwords, log-in details and holiday photographs were all copied onto a portable memory stick by a technician.

In other shops, customers were charged for non-existent work and simple faults were misdiagnosed.

An investigator from the Trading Standards Institute said he was "shocked" by the findings.

The investigation was carried out using surveillance software loaded onto a brand-new laptop.

It operated without the user being aware that every event that took place on the computer was being logged.

All activity on the screen was captured in still images, and the identity of whoever was using the computer was recorded using the laptop's built-in camera.

Sky engineers then created a simple, easily diagnosable fault, by loosening the connection of the internal memory chip.

This prevented Windows being able to load. To get things working again, the chip would simply need to be pushed back into position.

The investigation targeted six different computer repair shops. All but one misdiagnosed or overcharged for the fault.

The most serious offender was Revival Computers in Hammersmith, West London.

Shortly after identifying the real fault, an engineer called our undercover reporter to say the computer needed a new motherboard, which would cost £130.

Tests carried out by our internal Sky engineer after the diagnosis revealed there was nothing wrong with it.

The surveillance software then recorded one technician browsing through the files on the hard-drive, including private documents and intimate holiday photos, including some of our researcher in her bikini.

As he snooped through the files, he is seen smiling and showing the pictures to another colleague.

Later on in the same shop, a second technician loads up the machine and also looks through the photos, which are inside a folder clearly marked 'private'.

He then plugs his own portable memory stick into the laptop and copies files, including passwords and photos, into a folder labelled "mamma jammas".

Inside one of the documents copied to the memory stick was a text file containing passwords for Facebook, Hotmail, eBay and a NatWest bank account.

Once the technician had discovered this information, he opened a web browser on the laptop and attempted to log into the back account for around five minutes.

The only reason he was unsuccessful was because the details were fake.

When confronted over the findings, staff at Laptop Revival said they did not want to respond to Sky News on camera.

However in a telephone conversation, they denied all knowledge of the alleged abuses.

When shown the findings, Richard Webb, an e-commerce investigator for Trading Standards said: "I'm really quite shocked, both in the range of potential problems this has revealed - people overcharging, mis-describing the faults - but also people attempting to steal personal details.

"It's a big abuse of trust. If you were expert in computers you wouldn't have to hand in your machine to be repaired. They know that.

"They know you won't be able to tell what they've done afterwards, they know you're putting your trust in them and unfortunately, as we're seeing, there are too many people willing to abuse that trust.

"What you've shown is that there is a much wider problem in the industry than we knew about.

"It suggests we need to look at the area again and we do need to test it like you have done, but with a view of taking criminal enforcement action if these problems are found and evidenced."

SPY : Did Etisalat Spied BlackBerry Customers?

SPY : Did Etisalat Spied BlackBerry Customers?

BlackBerry customers revolt after spyware scandal

If your customers think that you tried to spy on them, that's not going to be good for business.

23 July 2009


That's the message that's presumably being heard loud-and-clear by telecoms company Etisalat, which has found itself in the middle of a storm of negative headlines after it was revealed that an update it sent to BlackBerry users in the United Arab Emirates, which claimed to improve performance of the mobile device, was actually spying on them.

RIM, makers of the Blackberry smartphone beloved by businesspeople around the world, say that the spyware update sent out by Etisalat actually worsened battery life and reception, and (most worryingly) was designed to "to send received messages back to a central server."

Potentially, the patch gave Etisalat the ability to read any emails and text messages sent from their customers' BlackBerry devices.

Now, an online survey conducted by the Arabian Business website reveals that more than 50% of Etisalat's BlackBerry customers are planning to ditch the UAE telecoms provider in the wake of the spyware. It's hard not to feel sympathetic with those aggrieved customers. After all, as Erin Andrews just demonstrated, no-one likes to be watched without their knowledge.

Curiously, the offending patch appears to have been written by a US-based company called SS8, who develop electronic surveillance solutions for intelligence agencies.

Quite why Etisalat may have wanted to distribute a spyware update to monitor its customers is still unclear. So far they have declined to comment on the claims of spyware, restricting their public comment on the matter to the following statement:

Etisalat today confirmed that a conflict in the settings in some BlackBerry devices has led to a slight technical fault while upgrading the software of these devices.

This has resulted in reduced battery life in a very limited number of devices. Etisalat has received approximately 300 complaints to date, out of its total customer base which exceeds 145,000.

These upgrades were required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas.

Customers who have been affected are advised to call 101 where they will be given instructions on how to restore their handset to its original state. This will resolve the issue completely.

RIM has published an update which removes the application from affected BlackBerry smartphones.

PREDATOR : Indian “Internet predator” held in U.S.

PREDATOR : Indian “Internet predator” held in U.S.


24 July 2009


Washington: In possibly the first such case involving an Indian in the U.S., police in Pennsylvania have arrested an Indian engineer on charges of using Internet for soliciting young girls for sex.

In a statement, the Pennsylvania Attorney General Tom Corbett said Nityanand Gopalika (30), here on a work visa, allegedly used an Internet chat room to approach what he believed was a 13-year old girl from the Pittsburgh area.

The “girl” was actually an undercover agent from the Child Predator Unit. According to the criminal complaint filed by the Attorney General’s Child Predator Unit, Gopalika engaged in a series of chats over several days questioning the girl about her sexual experience and describing the sex acts he wished to engage in. Gopalika is also accused of sending the girl two obscene web cam videos.

Gopalika was arrested on July 1 when he arrived at a predetermined meeting location.

Following a search of his vehicle, agents seized two laptop computers, a digital camera, a cell phone allegedly containing a partially completed text message to the “child,” directions to the meeting location and a bag of condoms. Gopalika was preliminarily arraigned on July 1 and lodged in the Butler County Jail in lieu of $15,000 cash bail, pending a preliminary hearing on Friday.

FINED : HSBC companies slapped with US$5M fines over data breach

FINED : HSBC companies slapped with US$5M fines over data breach

By Jo Best,

ZDNet Asia

July 23, 2009


Three HSBC companies have been hit with fines after the financial services watchdog found they weren't doing enough to protect customers' data.

The U.K. Financial Services Authority (FSA) fined HSBC Life 1.6 million pounds (US$2.6 million), HSBC Actuaries 875,000 pounds (US$1.4 million) and HSBC Insurance Brokers 700,000 pounds (US$1.1 million)--making a total of 3.1 million pounds (US$5.1 million) in penalties between them.

Due to the fact the three firms settled with the FSA, their fines were discounted by 30 percent--the original charges totaled 4.55 million pounds (US$7.47 million).

The FSA handed down the fines after an investigation found customer data was sent without encryption to third parties and via couriers, and left in unlocked cabinets and shelves openly.

Staff were also not given proper training over how to spot and deal with risks like identity theft, the FSA found.

Clive Bannister, group managing director of HSBC Insurance, said the company regrets falling short in dealing with customers' data.

"While this is a serious matter, no customer reported any loss from these failures. We are doing everything possible to prevent a recurrence. We have implemented even more rigorous systems, better checks and more training for our people. We believe our customers can have confidence that we are doing everything we can to protect their privacy," he said in a statement.

Two of the HSBC companies recorded losses of data: in 2007, HSBC Actuaries lost an unencrypted floppy disk in the post, containing the details of 1,917 pension scheme members, including addresses, dates of birth and national insurance numbers; while 2008 saw HSBC Life lose an unencrypted CD containing the details of 180,000 policy holders in the post. Those affected have been alerted to the losses by the companies.

Margaret Cole, director of enforcement at the FSA, described the losses as "disappointing".

"All three firms failed their customers by being careless with personal details which could have ended up in the hands of criminals. It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers' details," she said in a statement.

The three companies have now improved staff training and use encryption when data is being moved.

Friday, July 24, 2009

Quote of the day

Quote of the day

You can have anything you want -- if you want it badly enough.

You can be anything you want to be, have anything you desire, accomplish anything you set out to accomplish -- if you will hold to that desire with singleness of purpose.

Robert Collier


New IT Term of the day

New IT Term of the day

chicken boner

A slang term used in reference to an inexperienced spammer. The reference implies that the person is a low-life who spends all their time in front of the computer with "fried chicken bones littering the floor".

FINED : UK Consultant Handed £5,000 Fine Over Database Breach

FINED : UK Consultant Handed £5,000 Fine Over Database Breach

by Desire Athow

21 July, 2009,


A man behind an illicit database containing details of construction workers has been slapped with a fine of £5,000 for infringing the UK Data Protection Act at Knutsford Crown Court and required to pay a further £1,187.20 in costs.

Last week, Ian Kerr, the founder of The Consultancy Association (TCA) which illicitly held and sold confidential information of employees, has been found guilty of data breaches and eventually ordered to pay considerable fines.

Kerr was sentenced by the Court following an investigation by the Information Commissioner’s Office, which disclosed that he conducted a secret operation to vet construction workers for job in the industry.

David Smith, Deputy Information Commissioner, commented on the case by saying, “Ian Kerr colluded with construction firms for many years flouting the Data Protection Act and ignoring people's privacy rights. Trading people's personal details in this way is unlawful and we are determined to stamp out this type of activity.”

It was ascertained by the Court that the database created by TCA held information on as many as 3,213 construction workers and was utilised by around 40 construction companies.

The information watchdog is said to take enforcement action against 17 construction companies that paid Kerr for information on workers, in the wake of any representations made by the firms.

JAILED : Two years in jail for IT director who wiped medical data

JAILED : Two years in jail for IT director who wiped medical data

Ex-employee deleted crucial organ donation records

By Jaikumar Vijayan


21 July 2009


An IT director at an organ donation organisation has been sentenced to two years in prison for intentionally deleting numerous records and other data after being fired from her job.

Danielle Duann, 51, who worked at an organ procurement centre for more than 200 hospitals in Texas, was also sentenced to three years of supervised release upon completion of her term and ordered to pay more than $94,000 in restitution to her former employer, LifeGift Organ Donation Center.

Duann in April had pleaded guilty to one count of unauthorised access to a protected computer.

Court documents filed in connection with the case describe what is becoming an increasingly familiar tale of companies victimised by insiders.

Duann was hired by LifeGift in 2003 and put in charge of overseeing the company's entire IT infrastructure and fired in November 2005 for reasons not specified in court documents.

At the time of her termination, Duann was informed in writing that all her access rights had been revoked. The company also took steps to lock all administrator accounts to which Duann was known to have access.

Despite such steps, Duann still managed to access LifeGift's network from her home on the same evening she was fired, via a VPN account that she appears to have previously set up without anyone's knowledge.

Once inside the network, Duann used an administrator account belonging to another LifeGift employee to log into several servers, including the company's organ donor database server and main accounting server, multiple times.

Over the next several hours, she then deleted donor records, accounting invoice files, database and software applications, backup files and the software tokens needed to run some applications.

In a bid to cover her tracks, Duann manually deleted all logs of her VPN sessions with the company's network. She also disabled the activity logging functions on the database and accounting servers -- making it impossible for LifeGift to identity all of the individual files and applications she deleted, the court documents said.

Duann's sabotage, however, was discovered the next morning by an employee of a network services company that had just been hired by LifeGift to provide backup and disaster recovery services for the non-profit. The employee noticed someone deleting files in real-time from a VPN connection, which he quickly terminated.

The VPN connection logs and IP address was later traced back to Duann's home Internet connection. A subsequent search of Duann's home and computer systems by the FBI uncovered more evidence that linked her to the sabotage.

Like countless similar incidents, this one highlights the challenges that companies face when it comes to protecting data and systems from malicious insiders. In this case, the sabotage occurred even though LifeGift appears to have taken most of the measures that security experts recommend when employees leave the company or are fired.

For instance, the company immediately revoked Duann's access privileges after terminating her and disabled all administrator accounts to which she had had previous access. The fact that Duann still managed to access the company's servers just hours later, highlights how difficult it can sometimes be to stop insiders who plan to do harm.

THREAT : Cyber attack a threat to London Olympics

THREAT : Cyber attack a threat to London Olympics

Organizers feel that a potential cyber attack posed a unique challenge for the London 2012 Olympics

Avril Ormsby

July 22, 2009


LONDON, UK: Olympic organizers are "very alive" to the threat of a cyber attack on the London 2012 Olympics, made more challenging because of its evolving nature, senior Interior Ministry officials said on Tuesday.

Ticketing systems, the transport network and hotel bookings as well as security are among potential targets.

Olympic security officials are also planning for the possible diversion of aircraft to protect airspace around the venues from terrorist attacks, the officials said.

The greatest threat to security at the Games is international terrorism, the government's latest "Safety and Security Strategy" report said.

"There's no current evidence of a terrorist threat to 2012," one of the Interior Ministry officials said.

"But if you look at precedents for sporting events, and to some degree about Olympic events, it would not be beyond the point of imagination to imagine a terrorist threat to 2012 nearer the time."

Metropolitan Police Assistant Commissioner Chris Allison said it was likely there would be a terrorist threat at the Games but he pointed to Britain's "long history of delivering safe sporting events".

Threats Change

Despite the British government on Monday lowering the threat level from international terrorism from "severe" to "substantial", security planning for the Games will be based on an assumed threat level of severe -- the second highest level.

Interior Minister Alan Johnson said in a statement that security planning was "progressing in good time and to budget".

A total of 600 million pounds ($980 million) has been put aside for security, but Interior Ministry officials said if the threat increased it could put upward pressure on costs.

The officials, who declined to be named, said a potential cyber attack posed a unique challenge because it was constantly changing and that more funds were being directed at the problem of computer attacks.

"The general challenge reflected in cyber is anticipating what threats will look like three years out, and threats change, the nature of terrorism changes and the nature of serious crime changes as well, and cyber specifically is a really good example of a moving threat," one of the officials said.

"I think we are very alive to the cyber (issue) and we are very alive to the fact that at the moment it is difficult to predict what it will look like with specific reference to the Games in 2012."

Officials are also drawing up plans for protecting water and air space around Olympic venues from possible attack, including possibly diverting aircraft. It is expected diversions would most likely affect smaller, private aircraft.

"We do expect there will have to be some management of air space," another of the Interior Ministry officials said.

"We do not expect that any airports will have to be closed."

TOPPER : U.S. Is Top Spam-Producing Country

TOPPER : U.S. Is Top Spam-Producing Country

The US has been named the world's biggest spam-producing country, says security vendor Sophos.

By Carrie-Ann Skinner

PC Advisor (UK)

July 21, 2009


The US has been named the world's biggest spam-producing country.

Security firm Sophos said the US was responsible for 15.6 percent of all spam received between April and June this year - that's one in every six junk emails.

The US was closely followed by Brazil, which produced 11.1 percent of all spam, and Turkey, which generated 5.2 percent.

Russia, which was second on Sophos' Dirty Dozen list a year ago, has now fallen to ninth place and was only responsible for 3.2 percent of all spam between April and June.

Graham Cluley, senior technology consultant for Sophos, said: "Barack Obama's recent speech on cybersecurity emphasised the threat posed by overseas criminals and enemy states, but these figures prove that there is a significant problem in his own back yard. If America could clean up its compromised PCs it would be a considerable benefit to everyone around the world who uses the net".

Sunday, July 19, 2009

Quote of the day

Quote of the day

When it is dark enough, you can see the stars.

Charles Beard

New IT Term of the day

New IT Term of the day


Software that is used by spammers to send out automated spam e-mail. Spamware packages may also include an e-mail harvesting tool.

SURVEY : One in six consumers acts on spam

SURVEY : One in six consumers acts on spam

Jeremy Kirk

July 14, 2009

IDG News Service


About one in six consumers have at some time acted on a spam message, affirming the economic incentive for spammers to keep churning out millions of obnoxious pitches per day, according to a new survey.

Due to be released Wednesday, the survey was sponsored by the Messaging Anti-Abuse Working Group (MAAWG), an industrywide security think tank composed of service providers and network operators dedicated to fighting spam and malicious software.

Eight hundred consumers in the U.S. and Canada were asked about their computer security practices habits as well as awareness of current security issues.

Those who did admit to opening a spam message -- which in and of itself could potentially harm their computer -- said they were interested in a product or service or wanted to see what would happen when they opened it.

"It is this level of response that makes spamming a lot more attractive as a business because spam is much more likely to generate revenues at this response rate," according to the survey.

One other study, conducted by the computer science departments of the University of California at its Berkeley and San Diego campuses, showed the number people who actually made a purchase following a spam pitch was just a fraction of a percent.

Those researchers infiltrated the Storm botnet, a network of hacked computers used to send spam.

They monitored three spam campaigns, in which more than 469 million e-mails were sent. Of the 350 million messages pitching pharmaceuticals, 10,522 users visited the advertised site, but only 28 people tried to make a purchase, a response rate of .0000081 percent. Still, that rate is high enough to potentially generate up to $3.5 million in annual revenue, they concluded.

MAAWG's survey showed that nearly two-thirds of the 800 polled felt they were somewhat experienced in Internet security, a highly complex field even for those trained in it, said Michael O'Reirdan, chairman of MAAWG's board of directors.

And some 80% of people felt their machine would never be infected with a bot, or a piece of malicious software that can send spam, harvest data and do other harmful functions. That's dangerous, O'Reirdan said.

"If you don't believe you aren't going to get one, you aren't going to look for one," he said. "If you get a bot, you're a nuisance to other people."

Interestingly, 63% of consumers said they would allow remote access to their computer to remove malware. That idea is under increasing discussion in the security community, which is grappling with how to deal with botnets. Botnets can also conduct denial-of-service attacks against Web sites, such as the ones attacked last week in South Korea and the U.S.

Some ISPs are building automated systems that can cut off a computer's Internet access if the machine is suspected of containing malware. Consumers are then given instructions on how to patch their machine and install security software. When their PC is clean, they are restored full access to the Internet. MAAWG is close to issuing a set of guidelines for ISPs on how to battle botnets.

"The best thing a user can do is patch their machine religiously," O'Reirdan said. "It's incredible easy to do."

RISK : SPAM BOT for 3G Phone

RISK : SPAM BOT for 3G Phone

Zombies bite into Symbian smartphones

Low-risk mobile Trojan bundles botnet features

By John Leyden

16th July 2009


Security researchers have identified the first known spam bot client for 3G phones.

YXES-B poses as a legitimate application called Sexy Space (ACSServer.exe) to steal the subscriber, phone, and network information of victims. The malware forwards these details to a site under hacker control.

The same site contains message clips that form the template to send spammed SMS messages to the victims' contacts.

The malware therefore has a command and control infrastructure that makes it a botnet for mobile phones, according to Trend Micro, the security software firm.

The code-signing process applied by Symbian is designed to enure that threats like YXES-B never meet the light of day. Hackers have subverted this process for a second time - YXES-B was proceeded by an earlier variant. It it's unclear how they have done this

The damage potential posed by the malware is quite high. Fortunately, incidents of actual infections remain low.

More details on the threat can be found in a write-up from Trend Micro here http://blog.trendmicro.com/signed-malware-coming-to-a-phone-near-you/#ixzz0LLLdJHN9&D

PROFESSIONAL : Cyber Criminals using Business School Teachings

PROFESSIONAL : Cyber Criminals using Business School Teachings

Cyber crime lords using big business tactics:Cisco

PHYSorg.com / AFP

14 Jul 2009


Cyber criminals are aping executives when it comes to sales, marketing and risk management in the world of online treachery, according to a report released by networking giant Cisco.

"A lot of techniques they are using today are not new; it is really about how they may be doing some of the same old things," said Cisco chief security researcher Patrick Peterson.

Cyber criminals are aping executives when it comes to sales, marketing and risk management in the world of online treachery, according to a report released by networking giant Cisco.

"A lot of techniques they are using today are not new; it is really about how they may be doing some of the same old things," said Cisco chief security researcher Patrick Peterson.

"The novel thing is that they have taken the Harvard Business School, General Electric board room

business training and applied it to their old techniques."

The California technology firm specializing in computer networking gear summarized current threats in a "Midyear Security Report" that concludes hackers are increasingly operating like successful businesses.

Peterson cited how cyber hackers capitalized on interest in the death of pop icon Michael Jackson in late June.

Disasters, celebrity doings and other major news is routine fodder for bogus emails and websites

booby-trapped with computer viruses, but in the case of Jackson's death, crooks cranked out fake news stories to dupe readers.

"They had their criminal copy editors working on copy for the story as fast as it happened," Peterson said.

"They brought the Jackson story to market in a way that rivals media outlets. They have an advantage; they don't have to do any reporting."

Billions of spam messages with links to trick websites or videos promising scintillating Jackson images and information were fired off in the days after his June 25 death, according to Cisco.

"Sales leads" that followed online links were turned into "customers," whose computers were stealthily infected with nefarious codes for stealing data, usurping control of machines or other evil deeds.

Cyber criminals are reportedly embracing a nefarious version of a "cloud computing" trend of offering

computer applications online as services.

Commanders of infected computers woven into "botnet" armies rent out illegally assembled networks to fellow criminals for sending spam, launching attacks or other deeds, according to Cisco.

Peterson told of an "anti-anti-virus" online operation called "Virtest" that charges hackers monthly fees to keep them informed about which security firms can detect their malicious programs.

"It's a criminal service," Peterson said of the operation, which appears to be based in Russia. "We've seen lots of examples of criminals sharing tools, but we've never seen a commercial business like this."

Spammers also employ a business marketing practice of packing booby-trapped websites with terms

typically used as keywords in various Internet search engines so that their links land high in query results.

Cisco referred to the practice as "Spamdexing."

"Because so many consumers tend to trust and not be suspicious of rankings on leading search engines, they may readily download one of the fake software packages assuming it is legitimate," Cisco said in the report.

Cyber crooks are also hunting for prey in the rapidly expanding population of mobile telephone users by sending trick text messages.

Criminals have taken to sending blanket text messages to numbers based on area codes of local banks directing people to call into a service center to address supposed concerns about their accounts.

Callers are connected to automated voice systems that, feigning to represent the banks, ask people to enter account passwords and other personal information that can later be exploited, Peterson said.

Online social networks, according to Cisco, are becoming popular "customer acquisition" territory for cyber criminals.

"It's big business now to penetrate those networks," said Peterson.

People in online communities are more likely to click on links and download content they believe is from people they know and trust, the report said.

BEWARE : Hacker Hacked Twitter – Stolen Secret Documents

BEWARE : Hacker Hacked Twitter – Stolen Secret Documents

By Maggie Shiels

Technology reporter

BBC News



The microblogging service Twitter has been terribly hacked. Twitter is taking legal advice after hundreds of documents were hacked into and published by a number of blogs.

TechCrunch has made public some of the 310 bits of material it was sent.

It posted information about Twitter's financial projections and products.

"We are in touch with our legal counsel about what this theft means for Twitter, the hacker and anyone who accepts...or publishes these stolen documents, " said Twitter's Biz Stone.

In a blog posting he wrote that "About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked.

"From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company."

Mr Stone, Twitter's co-founder, went on to stress that "the attack had nothing to do with any vulnerability in Google Apps".

He said this was more to do with "Twitter being in enough of a spotlight that folks who work here can be a target".

In his blog post, Mr Stone underlined the need for increased online security within the company and for staff to ensure their passwords are robust.

It is believed a French hacker who goes by the moniker "Hacker Croll" illegally accessed the files online by guessing staff members' passwords.

"News value"

A number of technology blogs were offered the documents for publication in what is now being dubbed "Twittergate" in some online forums.

TechCrunch, one of the most respected blogs in Silicon Valley, has set off a firestorm of criticism and debate over its decision to post some of the material.

It started things off with what it called a "softball" and published details about a reality TV show involving Twitter. Details of such a programme were made public in May.

That was followed by documents relating to an internal Twitter financial forecast that the company said is no longer accurate.

"There is clearly an ethical line here that we don't want to cross, and the vast majority of these documents aren't going to be published, at least by us.

"But a few of the documents have so much news value that we think it's appropriate to publish them," wrote TechCrunch Editor and founder Michael Arrington

Mr Arrington noted the site received a deluge of comments on the issue and said "many users say this is "stolen" information and therefore shouldn't be published. We disagree.

"We publish confidential information almost every day on TechCrunch. This is stuff that is also "stolen," usually leaked by an employee or someone else close to the company."

The TechCrunch founder cited examples of stories it has covered in the past that involved information it had acquired and also those covered by newspapers like the Wall Street Journal that had done a similar thing.

Mr Arrington said that he has also consulted lawyers about the laws that cover trade secrets and the receipt of stolen goods.


Many in the technology industry said this latest episode points to the potent reminder of how much information is stored in the cloud and the vulnerability or otherwise of that data.

The hacker has claimed to have wanted to teach people to be more careful and in a message to the French blog Korben, wrote that his attack could make internet users "conscious that no one is protected on the net."

"The security breach exploited "an easy-to-guess password and recovery question, which is one of the simplest ways to make a username and password combination really insecure," said Phil Wainewright of ZDNet.com

"Unfortunately, users won't wise up until the cloud providers force them to."

In a study last year the security firm Sophos found that 40% of internet users use the same password for every website they access.

The affair has put Google on the defensive because the information was stored in Google Apps, an online package of productivity software that includes email, spreadsheets and calendars.

The company issued a blog post. While it highlighted the need for strong security, it said it could not discuss individual uses or customers.

Twitter's Mr Stone tried to play down the importance of the information being touted around the web.

"Obviously, these docs are not polished or ready for prime time and they're certainly not revealing some big, secret plan for taking over the world.

"This is "akin to having your underwear drawer rifled: Embarrassing, but no one's really going to be surprised about what's in there." That is an apt apology," Mr Stone said.

At the social media blog Mashable, Adam Ostrow agreed.

"It's another embarrassing moment in Twitter's torrid growth, but nothing that's likely to bring the house down."

Also see -

Tech Crunch’s posting-


Twitter’s response


Friday, July 17, 2009

Quote of the Day...

Quote of the day

In school you get the lesson and then take the test;

In life you take the test and then get the lesson.

New IT Term of the day

New IT Term of the day


An Internet slang term that means "clueless newbie".

CYBER FIGHT : Hackers Increasingly Targeting Religion Sites

CYBER FIGHT : Hackers Increasingly Targeting Religion Sites

10 July 2009

By Paul Goble

The Moscow Times


Hacker attacks against sites maintained by political opponents of the Russian government have received a great deal of attention. One target of hackers that has received far less press is Runet sites operated by religious groups, which are increasingly coming under cyber attack, a trend that reflects the importance of the Internet in Russian religious life.

In an article in newspaper Novya Izvestiya, reporter Mikhail Pozdnyaev says that among those who have suffered from hacker attacks are “representatives of all confessions, official and independent information agencies that write about religious news, and popular missionaries."

Because of the diversity of sites and the difficulties involved in determining why a site may have failed and in tracking down those responsible, there are no reliable statistics available on just how widespread this trend is. Consequently, the Novaya Izvestiya journalist describes some of the more high-profile examples of this phenomenon.

Pozdnyaev begins with the hacker attack on the official site of the Maykop and Adygei eparchate of the Russian Orthodox Church this past Sunday. For several hours, he reports, visitors to the site found a page that had nothing to do with religious affairs, though the eparchate’s technical staff was able to restore the site rather quickly.

Officials in the eparchate told Pozdnyaev that they believe that this attack happened when it did because at least some of the faithful are unhappy that Archbishop Panteleimon has been replaced as head of the see by Bishop Tikhon. The hackers, these officials believe, were supporters of Panteleimon.

But exactly who carried out the cyber attack remains unknown in this case, as in others even when the hackers declare themselves — as happened earlier this year — to be representatives of the “ Free Radical Society of Atheists of Bobruisk” or the “Atheist from Shenkursk,” titles that are only user names that reveal little.

A much larger hacking scandal occurred during the controversy over now dethroned Bishop Diomid and his challenge to the Moscow Patriarchate. The “Orthodoxy in the Far East” portal that featured information on his case came under attack twice — once with those responsible posting pornographic pictures and another time with foul language.

The priest who oversees the portal said the hackers were people who supported Diomid and had enough resources to overcome the portal’s defenses. Since then, the Interior Ministry’s Bureau of Special Technical Measures has tracked down the individual involved: He is a citizen of one of the CIS countries, the ministry reported.

Russian prosecutors are seeking to bring this person to justice, the journalist says, but they have not had much luck. And that highlights a serious problem: As Pozdnyaev notes, “catching a hacker is harder that restoring a site that has been attacked.”

Other religious entities that have been targeted include the Estonian Orthodox Church of the Moscow Patriarchate, the official site of the Patriarchate itself following the death of Aleksii II, and Portal-Credo.ru, an independent religious news portal that is often highly critical of the Orthodox Church.

Hacker attacks against web sites maintained by the Russian Orthodox Church, its various subdivisions and even individual clerics, such as Archdeacon Andrey Kurayev, are a relatively new phenomenon, but such attacks have been taking place against Islamic sites on a regular basis for a decade.

At the end of June, hackers took offline for a brief period two of the most important Russian-language Islamic news sites, Islam.ru and IslamNews.ru, both of which have been subject to similar attacks in the past. Pozdnyaev says that it is possible that the hackers are people who “do not share the loyal attitude” of these sites to the government.

This Day in History

Thanks for your Visit