Happiness must be cultivated. It is like character. It is not a thing to be safely let alone for a moment, or it will run to weeds.
Elizabeth Stuart Phelps
(1844-1911, Writer)
IT and Related Security News Update from Centre for Research and Prevention of Computer Crimes, India (www.crpcc.in) Courtesy - Sysman Computers Private Limited, Mumbai
microblog
A type of blog that lets users publish short text updates. Bloggers can usually use a number of services for the updates, including instant messaging, e-mail, or Twitter. The posts are called microposts, while the act of using these services to update your blog is called microblogging. Social networking sites, like Facebook, also use a microblogging feature in profiles. On Facebook this is called "Status Updates".
July 22, 2009
Mark White, home affairs correspondent
Some computer repair shops are illegally accessing personal data on customers' hard drives - and even trying to hack their bank accounts, a Sky News investigation has found.
In one case, passwords, log-in details and holiday photographs were all copied onto a portable memory stick by a technician.
In other shops, customers were charged for non-existent work and simple faults were misdiagnosed.
An investigator from the Trading Standards Institute said he was "shocked" by the findings.
The investigation was carried out using surveillance software loaded onto a brand-new laptop.
It operated without the user being aware that every event that took place on the computer was being logged.
All activity on the screen was captured in still images, and the identity of whoever was using the computer was recorded using the laptop's built-in camera.
Sky engineers then created a simple, easily diagnosable fault, by loosening the connection of the internal memory chip.
This prevented Windows being able to load. To get things working again, the chip would simply need to be pushed back into position.
The investigation targeted six different computer repair shops. All but one misdiagnosed or overcharged for the fault.
The most serious offender was Revival Computers in Hammersmith, West London.
Shortly after identifying the real fault, an engineer called our undercover reporter to say the computer needed a new motherboard, which would cost £130.
Tests carried out by our internal Sky engineer after the diagnosis revealed there was nothing wrong with it.
The surveillance software then recorded one technician browsing through the files on the hard drive, among them private documents and intimate holiday photos, some showing our researcher in her bikini.
As he snooped through the files, he is seen smiling and showing the pictures to another colleague.
Later on in the same shop, a second technician loads up the machine and also looks through the photos, which are inside a folder clearly marked 'private'.
He then plugs his own portable memory stick into the laptop and copies files, including passwords and photos, into a folder labelled "mamma jammas".
Inside one of the documents copied to the memory stick was a text file containing passwords for Facebook, Hotmail, eBay and a NatWest bank account.
Once the technician had discovered this information, he opened a web browser on the laptop and attempted to log into the bank account for around five minutes.
The only reason he was unsuccessful was because the details were fake.
When confronted over the findings, staff at Laptop Revival said they did not want to respond to Sky News on camera.
However in a telephone conversation, they denied all knowledge of the alleged abuses.
When shown the findings, Richard Webb, an e-commerce investigator for Trading Standards said: "I'm really quite shocked, both in the range of potential problems this has revealed - people overcharging, mis-describing the faults - but also people attempting to steal personal details.
"It's a big abuse of trust. If you were expert in computers you wouldn't have to hand in your machine to be repaired. They know that.
"They know you won't be able to tell what they've done afterwards, they know you're putting your trust in them and unfortunately, as we're seeing, there are too many people willing to abuse that trust.
"What you've shown is that there is a much wider problem in the industry than we knew about.
"It suggests we need to look at the area again and we do need to test it like you have done, but with a view of taking criminal enforcement action if these problems are found and evidenced."
BlackBerry customers revolt after spyware scandal
If your customers think that you tried to spy on them, that's not going to be good for business.
23 July 2009
http://www.sophos.com/blogs/gc/g/2009/07/23/blackberry-customers-revolt-after-spyware-scandal/
That's the message that's presumably being heard loud-and-clear by telecoms company Etisalat, which has found itself in the middle of a storm of negative headlines after it was revealed that an update it sent to BlackBerry users in the United Arab Emirates, which claimed to improve performance of the mobile device, was actually spying on them.
RIM, makers of the BlackBerry smartphone beloved by businesspeople around the world, say that the spyware update sent out by Etisalat actually worsened battery life and reception, and (most worryingly) was designed "to send received messages back to a central server."
Potentially, the patch gave Etisalat the ability to read any emails and text messages sent from their customers' BlackBerry devices.
Now, an online survey conducted by the Arabian Business website reveals that more than 50% of Etisalat's BlackBerry customers are planning to ditch the UAE telecoms provider in the wake of the spyware. It's hard not to feel sympathetic with those aggrieved customers. After all, as Erin Andrews just demonstrated, no-one likes to be watched without their knowledge.
Curiously, the offending patch appears to have been written by a US-based company called SS8, who develop electronic surveillance solutions for intelligence agencies.
Quite why Etisalat may have wanted to distribute a spyware update to monitor its customers is still unclear. So far they have declined to comment on the claims of spyware, restricting their public comment on the matter to the following statement:
Etisalat today confirmed that a conflict in the settings in some BlackBerry devices has led to a slight technical fault while upgrading the software of these devices.
This has resulted in reduced battery life in a very limited number of devices. Etisalat has received approximately 300 complaints to date, out of its total customer base which exceeds 145,000.
These upgrades were required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas.
Customers who have been affected are advised to call 101 where they will be given instructions on how to restore their handset to its original state. This will resolve the issue completely.
RIM has published an update which removes the application from affected BlackBerry smartphones.
PTI
24 July 2009
http://www.hindu.com/2009/07/24/stories/2009072455341300.htm
Washington: In possibly the first such case involving an Indian in the U.S., police in Pennsylvania have arrested an Indian engineer on charges of using the Internet for soliciting young girls for sex.
In a statement, the Pennsylvania Attorney General Tom Corbett said Nityanand Gopalika (30), here on a work visa, allegedly used an Internet chat room to approach what he believed was a 13-year old girl from the Pittsburgh area.
The “girl” was actually an undercover agent from the Child Predator Unit. According to the criminal complaint filed by the Attorney General’s Child Predator Unit, Gopalika engaged in a series of chats over several days questioning the girl about her sexual experience and describing the sex acts he wished to engage in. Gopalika is also accused of sending the girl two obscene web cam videos.
Gopalika was arrested on July 1 when he arrived at a predetermined meeting location.
Following a search of his vehicle, agents seized two laptop computers, a digital camera, a cell phone allegedly containing a partially completed text message to the “child,” directions to the meeting location and a bag of condoms. Gopalika was preliminarily arraigned on July 1 and lodged in the Butler County Jail in lieu of $15,000 cash bail, pending a preliminary hearing on Friday.
By Jo Best,
ZDNet Asia
July 23, 2009
http://www.zdnetasia.com/news/business/0,39044229,62056295,00.htm
Three HSBC companies have been hit with fines after the financial services watchdog found they weren't doing enough to protect customers' data.
The U.K. Financial Services Authority (FSA) fined HSBC Life 1.6 million pounds (US$2.6 million), HSBC Actuaries 875,000 pounds (US$1.4 million) and HSBC Insurance Brokers 700,000 pounds (US$1.1 million)--making a total of 3.1 million pounds (US$5.1 million) in penalties between them.
Because the three firms settled with the FSA, their fines were discounted by 30 percent--the original charges totaled 4.55 million pounds (US$7.47 million).
The FSA handed down the fines after an investigation found customer data was sent without encryption to third parties and via couriers, and left openly in unlocked cabinets and on shelves.
Staff were also not given proper training over how to spot and deal with risks like identity theft, the FSA found.
Clive Bannister, group managing director of HSBC Insurance, said the company regrets falling short in dealing with customers' data.
"While this is a serious matter, no customer reported any loss from these failures. We are doing everything possible to prevent a recurrence. We have implemented even more rigorous systems, better checks and more training for our people. We believe our customers can have confidence that we are doing everything we can to protect their privacy," he said in a statement.
Two of the HSBC companies recorded losses of data: in 2007, HSBC Actuaries lost an unencrypted floppy disk in the post, containing the details of 1,917 pension scheme members, including addresses, dates of birth and national insurance numbers; while 2008 saw HSBC Life lose an unencrypted CD containing the details of 180,000 policy holders in the post. Those affected have been alerted to the losses by the companies.
Margaret Cole, director of enforcement at the FSA, described the losses as "disappointing".
"All three firms failed their customers by being careless with personal details which could have ended up in the hands of criminals. It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers' details," she said in a statement.
The three companies have now improved staff training and use encryption when data is being moved.