tag:blogger.com,1999:blog-42428650267242352222024-03-10T02:23:12.494+05:30Cyber Crime Updates...(Prerna231 Group)IT and Related Security News Update from
Centre for Research and Prevention of Computer Crimes, India
(www.crpcc.in)
Courtesy - Sysman Computers Private Limited, MumbaiAseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.comBlogger538125tag:blogger.com,1999:blog-4242865026724235222.post-73230814353851703172009-08-09T19:56:00.000+05:302009-08-09T19:57:03.403+05:30Quote of the day<span style="font-size:85%;"><b><span style="font-size: 16pt;">Quote of the day </span></b></span> <div class="MsoNormal" style="text-align: center;" align="center"> <hr align="center" size="2" width="100%"> </div> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Our real enemies are the people who make us feel so good that we are slowly, but inexorably, pulled down into the quicksand of smugness and self-satisfaction.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Sydney Harris</span></span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-8627786679492739792009-08-09T19:54:00.000+05:302009-08-09T19:55:29.572+05:30New IT Term of the day<h1 style="margin: 0cm 0cm 0.0001pt;"><span style="font-size:85%;"><strong><span style="font-family: Arial;">New IT Term of the day </span></strong></span></h1> <div class="MsoNormal" style="text-align: center;" align="center"><span style="font-size:85%;"><strong><span style="font-size: 11pt; font-family: Arial; color: maroon;"> <hr align="center" size="2" width="100%"> </span></strong></span></div> <p class="MsoNormal"><span style="font-size: 24pt; color: rgb(0, 0, 51);"><span style="font-size:85%;">darknet</span></span></p> <div class="MsoNormal" style="text-align: center;" align="center"> <hr align="center" size="2" width="100%"> </div> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Short for dark Internet, in file sharing terminology, a darknet is a Internet or private network, where information and content are shared by darknet participants anonymously. Darknets are popular with users who share copy protected files as the service will let users send and receive files anonymously — that is, users cannot be traced, tracked or personally identified. Usually, darknets are not easily accessible via regular Web browsers. </span></span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-52410519184001385812009-08-09T19:53:00.000+05:302009-08-09T19:54:03.710+05:30ATTACK : Attackers Took Shots at Wi-Fi Network at Black Hat<span style="font-size:85%;"><b><span style="font-size: 16pt;">ATTACK : Attackers Took Shots at Wi-Fi Network at Black Hat</span></b></span> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">by Brian Prince </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">August 4, 2009</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">It should come as no surprise that at a security conference called 'Black Hat' there would be a fair amount of shenanigans going on over the WLAN network.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">According to Aruba Networks, which provided the Wi-Fi network at the conference last month in Las Vegas, attackers were up to their usual tricks. The company tracked and analyzed all attempted attacks throughout the event.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Here is what they found:</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size:85%;"><b><span style="font-size: 11pt;">BLACKHAT 2009 STATS:</span></b></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal" style="margin-left: 18pt;"><span style="font-size: 11pt;"><span style="font-size:85%;">Security stats:</span></span></p> <ul style="margin-top: 0cm;" type="disc"><span style="font-size:85%;"> <li class="MsoNormal"><span style="font-size: 11pt;">9 suspected rogue access points were detected.</span></li> <li class="MsoNormal"><span style="font-size: 11pt;">175 attempts by a wireless user to access the Aruba mobility controller were blocked by the Aruba firewall.</span></li> <li class="MsoNormal"><span style="font-size: 11pt;">23 impersonation attacks were detected.</span></li> <li class="MsoNormal"><span style="font-size: 11pt;">71 non-Blackhat access points were detected.</span></li> <li class="MsoNormal"><span style="font-size: 11pt;">154 denial-of-service attacks were detected.</span></li> </span></ul> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">In some ways, the numbers were an improvement from 2008; in some ways not. For example, fewer rogue access points were detected this year. On the other hand, there were 130 more denial-of-service attacks detected in 2009. Check out these numbers:</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size:85%;"><b><span style="font-size: 11pt;">BLACKHAT 2008 STATS:</span></b></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal" style="margin-left: 18pt;"><span style="font-size: 11pt;"><span style="font-size:85%;">Security stats:</span></span></p> <ul style="margin-top: 0cm;" type="disc"><span style="font-size:85%;"> <li class="MsoNormal"><span style="font-size: 11pt;">Each day there were between 10-15 rogue APs detected (rogue defined as an AP that was advertising the conference SSID of "BlackHat").</span></li> <li class="MsoNormal"><span style="font-size: 11pt;">49 users attempted to connect to rogue APs and were blocked by RFprotect, which generated 709 shielding actions</span></li> <li class="MsoNormal"><span style="font-size: 11pt;">362 attempts by a wireless user to access the Aruba mobility controller were blocked by the Aruba firewall.</span></li> <li class="MsoNormal"><span style="font-size: 11pt;">221 attempts by a wireless user to ARP poison the default gateway were blocked by the Aruba firewall.</span></li> <li class="MsoNormal"><span style="font-size: 11pt;">140 port scans (nmap or similar) from wireless users to other wireless users were detected and blocked by the Aruba firewall.</span></li> <li class="MsoNormal"><span style="font-size: 11pt;">57 non-Blackhat APs were detected</span></li> <li class="MsoNormal"><span style="font-size: 11pt;">24 denial of service attacks were detected. The average duration of each attack was 24 seconds.</span></li> </span></ul> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">The stats are a reminder that whether you are at a security conference or at a local Starbucks, it is best to keep your guard up.</span></span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-49201414521630048252009-08-09T19:51:00.001+05:302009-08-09T19:51:46.703+05:30CHINA : Hacker Schools Become Big Business<p class="MsoNormal"><span style="font-size:85%;"><a rel="nofollow" name="CCC"></a><b><span style="font-size: 16pt;">CHINA</span></b><b><span style="font-size: 16pt;"> : Hacker Schools Become Big Business</span></b></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">By Matthew Harwood</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">08/05/2009</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"><a rel="nofollow" target="_blank" href="http://www.securitymanagement.com/news/china-hacker-schools-become-big-business-006017">http://www.securitymanagement.com/news/china-hacker-schools-become-big-business-006017</a></span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Long known as a prominent source of cyberattacks worldwide, China has seen the emergence of online training schools that teach students the skills necessary to either be a network defender or a cybercriminal.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt; color: maroon;"><span style="font-size:85%;">These "hacker schools," as they're known, are also big business, generating $34.8 million last year, reports China Daily.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt; color: maroon;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt; color: maroon;"><span style="font-size:85%;">Students can enroll in online classes for as little as a few hundred yuan.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">While some schools advertise themselves as training the next generation of security experts, many worry a percentage of the students will use their skills to commit various cybercrimes, such as identity theft or stealing trade secrets.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Wang Xianbing—a security consultant for a prominent online hacking school, Hackbase.com—likens the training provided by the Web site to that of the locksmith trade.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">"It's like teaching lock picking," he told Beijing Today. "No one can guarantee the student will become a professional locksmith rather than a future thief."</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Rather it's up to the individual and his conscience whether to use his knowledge for good or evil, Wang said. Interviewed by China Daily, he said that the company's students are explicitly told not to use their knowledge for illegal activities.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt; color: maroon;"><span style="font-size:85%;">"Lots of hacker schools only teach students how to hack into unprotected computers and steal personal information," said Wang. "They then make a profit by selling users' information."</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Imparting such knowledge, even with caveats, runs obvious risks. <span style="color: maroon;">Last year alone, according to China Daily, hacking cost the Chinese economy approximately $1 billion.</span> Globally, Symantec estimates cybercrime cost firms a total of $1 trillion in 2008, reported CNet.com in January.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">But money isn't the only motivation, reports China Daily.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal" style="margin-left: 36pt;"><span style="font-size:85%;"><i><span style="font-size: 11pt;">A 25-year-old hacker school student from Shanghai surnamed Wang, said most of his "classmates" simply enroll in hacker school for personal reasons, such as spying on relatives, showing off their computer-savvy skills or taking revenge on a rival's Websites, rather than making money.</span></i></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Wang described the Catch-22 of teaching a new generation of security experts the tools of the trade: "They have to learn how to attack a Web site before they can learn how to defend it."</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Also see -</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"><a rel="nofollow" target="_blank" href="http://www.radioaustralianews.net.au/stories/200908/2647252.htm?desktop">http://www.radioaustralianews.net.au/stories/200908/2647252.htm?desktop</a></span></span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-45824003993147684192009-08-09T19:48:00.001+05:302009-08-09T19:50:51.699+05:30CONTROL : Malaysia considering internet filter<span style="font-weight: bold;font-size:180%;" >CONTROL : Malaysia considering internet filter</span> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;">Reuters </span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;">06 August 2009 </span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;"><a rel="nofollow" target="_blank" href="http://mt.m2day.org/2008/content/view/25355/84/">http://mt.m2day.org/2008/content/view/25355/84/</a></span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;">MALAYSIA</span></span><span style="font-size:11;"><span style="font-size:85%;"> is considering the establishment of an Internet filter, similar to China's abandoned 'Green Dam' project, a source familiar with the process told Reuters on Thursday.</span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;">News of the proposal emerged within days of police arresting nearly 600 opposition supporters at a weekend rally denouncing a government that has ruled this Southeast Asian country for 51 years.</span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;">A vibrant Internet culture has contributed to political challenges facing the government, which tightly controls mainstream media and has used sedition laws and imprisonment without trial to prosecute a blogger.</span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;">'They (the government) are looking to tweak the technical and legal details of implementing this Internet filter, setting the stage for its implementation late this year or next year,' said the source, who declined to be identified.</span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;">No one from the government was available for comment.</span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;">Malaysia</span></span><span style="font-size:11;"><span style="font-size:85%;"> plans to double home Internet penetration to 50 per cent by the end of next year with a new broadband project.</span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;">New Information, Communication and Culture Minister Rais Yatim, whose ministry issued the tender, also plans to secure control over the content and monitoring division of Malaysia's Internet regulator, a second source said.</span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;">'The minister wants to focus more on enforcement in the coming year,' the source said.</span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;">Malaysia</span></span><span style="font-size:11;"><span style="font-size:85%;">, with a population of 27 million, attracted foreign technology companies such as Microsoft Corp and Cisco Systems to invest and guaranteed that the government would not impose controls on the Internet.</span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;">Ms Rais said last month that wider broadband access required more regulation.</span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size:11;"><span style="font-size:85%;">'With the good comes the bad through the broadband over the Internet,' he said. 'We will introduce certain measures to overcome the bad.'</span></span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com1tag:blogger.com,1999:blog-4242865026724235222.post-65199451200781664092009-08-09T19:44:00.000+05:302009-08-09T19:47:37.654+05:30THREAT : Cyber security threat to India is real<span style="font-size:85%;"><b><span style="font-size: 16pt;">THREAT : Cyber security threat to India is real</span></b></span> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Vicky Nanjappa </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Rediff.com</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">August 05, 2009</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"><a rel="nofollow" target="_blank" href="http://news.rediff.com/special/2009/aug/05/cyber-security-threat-to-india-is-real.htm">http://news.rediff.com/special/2009/aug/05/cyber-security-threat-to-india-is-real.htm</a></span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">The demand for better methods to enforce cyber security has grown stronger since the November 26 attacks in Mumbai </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">India</span></span><span style="font-size: 11pt;"><span style="font-size:85%;"> has a dedicated organisation, CERT-In -- which operates under the auspices of the department of communication and information technology -- to tackle cyber crimes. However, the agency is not a prosecuting body.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">An officer at CERT-In told rediff.com over the telephone from New Delhi that although the agency does not have the legal power to examine cyber crimes, it can probe cases referred to the organisation.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">CERT-In, which covers both government and military areas, says the threats relating to cyber security are on the rise. Common targets include critical infrastructure like telecommunication, transportation, energy and finance.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">The attackers are not confined to information infrastructures and geographical boundaries. They exploit network interconnections and navigate easily through the infrastructure. More worryingly, these cyber criminals are becoming more skilled at masking their behaviour.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">CERT-In consists a group of professionals headed by a director who investigate cases referred to the agency. It submits a report to the police station that has sought the agency's help following which a chargesheet is filed.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size:85%;"><b><span style="font-size: 11pt;">Why not a single agency?</span></b></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Senior police officers say it is difficult to have a single agency looking at such cases.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">If a crime is committed in a particular state, it is easier for police officers of that state to probe the case. At present, one police officer adds, no one person has complete charge of cyber security.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Although the Union government drafts all cyber laws and CERT-In assists in investigations, the final call can be taken by the cyber crime wings based in the states.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">The only other national agency which can probe cyber crime cases is the Central Bureau of Investigation.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size:85%;"><b><span style="font-size: 11pt;">The prosecuting agency</span></b></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">The ministry for communication and information technology governs the system pertaining to cyber security. While the ministry is largely involved in drafting laws, the actual job on the ground is handled by the cyber-crime wings in the states.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">The law is clear that a complaint pertaining to a cyber crime or threat can be assigned only to the jurisdictional cyber crime wing in each state. An inspector general of police heads each cyber crime wing; a superintendent of police, inspectors and sub inspectors report to her/him. Only this department can file a chargesheet and prosecute individuals involved in cyber criminal activity.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">The inspector general of police reports to the state police chief.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">An officer in the Karnataka cyber crime wing said it is often difficult to crack a case as the cell does not have enough IT professionals. In such cases, CERT-In's assistance is sought.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Experts feel the process of investigating a cyber crime is cumbersome under the present set-up. It is difficult to have a national level agency which takes a final call since Indian law clearly states that cases will be probed on a jurisdictional basis for all practical purposes.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">R Srikumar, a former Karnataka police chief and chairman of the Cyber Society of India (Karnataka chapter), says that trained personnel could be inducted into cyber crime cells so that the procedure of referring the matter to another agency and then waiting for a report to proceed with the prosecution can be avoided.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Professor Chandrashekar, a forensics expert and a member of the CSI, believes dedicated teams of IT professionals should be appointed by respective state governments to work with the cyber crime wings.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Former CBI Director R Raghavan launched the first cyber society in Tamil Nadu. Professor Chandrashekar explains that the society's role is to train professionals in cracking cyber crimes.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">He says the society will sign a Memorandum of Understanding with the National Law School, Bengaluru, to introduce a course in cyber security. The course will issue a certificate to certified cyber crime investigators.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Cyber crime wings in the states could then employ such certified investigators.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Although private security agencies investigate cyber crimes, the Union government has not made full use of their services as is the case in some countries.</span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;"> </span></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><span style="font-size:85%;">Sources say the government may seek the skills of private agencies in select cases, but would prefer to improve official cyber crime wings since such cases often involve national security.</span></span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-36413359496563577492009-07-26T20:47:00.000+05:302009-07-26T20:48:17.204+05:30Quote for the Day<b><span style="font-size: 16pt;">Quote of the day </span></b> <div class="MsoNormal" style="text-align: center;" align="center"> <hr align="center" size="2" width="100%"> </div> <p class="MsoNormal"><span style="font-size: 11pt;">Happiness must be cultivated. It is like character. It is not a thing to be safely let alone for a moment, or it will run to weeds.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Elizabeth Stuart Phelps</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">(1844-1911, Writer)</span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-33521058102774216092009-07-26T20:46:00.000+05:302009-07-26T20:47:00.832+05:30New IT Term of the day<h1 style="margin: 0cm 0cm 0.0001pt;"><strong><span style="font-family: Arial;">New IT Term of the day </span></strong></h1> <div class="MsoNormal" style="text-align: center;" align="center"><strong><span style="font-size: 11pt; font-family: Arial; color: maroon;"> <hr align="center" size="2" width="100%"> </span></strong></div> <p class="MsoNormal"><span style="font-size: 24pt; color: rgb(0, 0, 51);">microblog</span></p> <div class="MsoNormal" style="text-align: center;" align="center"> <hr align="center" size="2" width="100%"> </div> <p class="MsoNormal"><span style="font-size: 11pt;">A type of blog that lets users publish short text updates. Bloggers can usually use a number of service for the updates including instant messaging, e-mail, or Twitter. The posts are called microposts, while the act of using these services to update your blog is called microblogging. Social networking sites, like Facebook, also use a microblogging feature in profiles. On Facebook this is called "Status Updates".</span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-21529632957936560212009-07-26T20:45:00.000+05:302009-07-26T20:46:18.005+05:30BEWARE : Repair Shops Hack Your Laptops<b><span style="font-size: 16pt;">BEWARE : Repair Shops Hack Your Laptops</span></b> <p class="MsoNormal"><span style="font-size: 11pt;">July 22, 2009</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Mark White, home affairs correspondent</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><a rel="nofollow" target="_blank" href="http://news.sky.com/skynews/Home/UK-News/Sky-News-Undercover-Laptop-Investigation-Repair-Shops-Caught-Hacking-Into-Personal-Files/Article/200907315343387?lpos=UK_News_Top_Stories_Header_0&lid=ARTICLE_15343387_Sky_News_Undercover_Laptop_Investigation%3A_R">http://news.sky.com/skynews/Home/UK-News/Sky-News-Undercover-Laptop-Investigation-Repair-Shops-Caught-Hacking-Into-Personal-Files/Article/200907315343387?lpos=UK_News_Top_Stories_Header_0&lid=ARTICLE_15343387_Sky_News_Undercover_Laptop_Investigation%3A_R</a></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Some computer repair shops are illegally accessing personal data on customers' hard drives - and even trying to hack their bank accounts, a Sky News investigation has found.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">In one case, passwords, log-in details and holiday photographs were all copied onto a portable memory stick by a technician.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">In other shops, customers were charged for non-existent work and simple faults were misdiagnosed.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">An investigator from the Trading Standards Institute said he was "shocked" by the findings.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The investigation was carried out using surveillance software loaded onto a brand-new laptop.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">It operated without the user being aware that every event that took place on the computer was being logged.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">All activity on the screen was captured in still images, and the identity of whoever was using the computer was recorded using the laptop's built-in camera.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Sky engineers then created a simple, easily diagnosable fault, by loosening the connection of the internal memory chip.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">This prevented Windows being able to load. To get things working again, the chip would simply need to be pushed back into position.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The investigation targeted six different computer repair shops. All but one misdiagnosed or overcharged for the fault.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The most serious offender was Revival Computers in Hammersmith, West London.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Shortly after identifying the real fault, an engineer called our undercover reporter to say the computer needed a new motherboard, which would cost £130.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Tests carried out by our internal Sky engineer after the diagnosis revealed there was nothing wrong with it.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The surveillance software then recorded one technician browsing through the files on the hard-drive, including private documents and intimate holiday photos, including some of our researcher in her bikini.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">As he snooped through the files, he is seen smiling and showing the pictures to another colleague.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Later on in the same shop, a second technician loads up the machine and also looks through the photos, which are inside a folder clearly marked 'private'.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">He then plugs his own portable memory stick into the laptop and copies files, including passwords and photos, into a folder labelled "mamma jammas".</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Inside one of the documents copied to the memory stick was a text file containing passwords for Facebook, Hotmail, eBay and a NatWest bank account.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Once the technician had discovered this information, he opened a web browser on the laptop and attempted to log into the back account for around five minutes.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The only reason he was unsuccessful was because the details were fake.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">When confronted over the findings, staff at Laptop Revival said they did not want to respond to Sky News on camera.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">However in a telephone conversation, they denied all knowledge of the alleged abuses.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">When shown the findings, Richard Webb, an e-commerce investigator for Trading Standards said: "I'm really quite shocked, both in the range of potential problems this has revealed - people overcharging, mis-describing the faults - but also people attempting to steal personal details.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"It's a big abuse of trust. If you were expert in computers you wouldn't have to hand in your machine to be repaired. They know that.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"They know you won't be able to tell what they've done afterwards, they know you're putting your trust in them and unfortunately, as we're seeing, there are too many people willing to abuse that trust.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"What you've shown is that there is a much wider problem in the industry than we knew about.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"It suggests we need to look at the area again and we do need to test it like you have done, but with a view of taking criminal enforcement action if these problems are found and evidenced." </span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com1tag:blogger.com,1999:blog-4242865026724235222.post-85453239749877652009-07-26T20:44:00.002+05:302009-07-26T20:45:32.575+05:30SPY : Did Etisalat Spied BlackBerry Customers?<b><span style="font-size: 16pt;">SPY : Did Etisalat Spied BlackBerry Customers?</span></b> <p class="MsoNormal"><b><i><span style="font-size: 11pt; color: maroon;">BlackBerry customers revolt after spyware scandal</span></i></b></p> <p class="MsoNormal"><b><i><span style="font-size: 11pt; color: maroon;">If your customers think that you tried to spy on them, that's not going to be good for business.</span></i></b></p> <p class="MsoNormal"><span style="font-size: 11pt;">23 July 2009</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><a rel="nofollow" target="_blank" href="http://www.sophos.com/blogs/gc/g/2009/07/23/blackberry-customers-revolt-after-spyware-scandal/">http://www.sophos.com/blogs/gc/g/2009/07/23/blackberry-customers-revolt-after-spyware-scandal/</a></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">That's the message that's presumably being heard loud-and-clear by telecoms company Etisalat, which has found itself in the middle of a storm of negative headlines after it was revealed that an update it sent to BlackBerry users in the United Arab Emirates, which claimed to improve performance of the mobile device, was actually spying on them.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">RIM, makers of the Blackberry smartphone beloved by businesspeople around the world, say that the spyware update sent out by Etisalat actually worsened battery life and reception, and (most worryingly) was designed to "to send received messages back to a central server."</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt; color: maroon;">Potentially, the patch gave Etisalat the ability to read any emails and text messages sent from their customers' BlackBerry devices.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Now, an online survey conducted by the Arabian Business website reveals that more than 50% of Etisalat's BlackBerry customers are planning to ditch the UAE telecoms provider in the wake of the spyware. It's hard not to feel sympathetic with those aggrieved customers. After all, as Erin Andrews just demonstrated, no-one likes to be watched without their knowledge.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt; color: maroon;">Curiously, the offending patch appears to have been written by a US-based company called SS8, who develop electronic surveillance solutions for intelligence agencies.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Quite why Etisalat may have wanted to distribute a spyware update to monitor its customers is still unclear. So far they have declined to comment on the claims of spyware, restricting their public comment on the matter to the following statement:</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal" style="margin-left: 36pt;"><i><span style="font-size: 11pt;">Etisalat today confirmed that a conflict in the settings in some BlackBerry devices has led to a slight technical fault while upgrading the software of these devices.</span></i></p> <p class="MsoNormal" style="margin-left: 36pt;"><i><span style="font-size: 11pt;"> </span></i></p> <p class="MsoNormal" style="margin-left: 36pt;"><i><span style="font-size: 11pt;">This has resulted in reduced battery life in a very limited number of devices. Etisalat has received approximately 300 complaints to date, out of its total customer base which exceeds 145,000.</span></i></p> <p class="MsoNormal" style="margin-left: 36pt;"><i><span style="font-size: 11pt;"> </span></i></p> <p class="MsoNormal" style="margin-left: 36pt;"><i><span style="font-size: 11pt;">These upgrades were required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas.</span></i></p> <p class="MsoNormal" style="margin-left: 36pt;"><i><span style="font-size: 11pt;"> </span></i></p> <p class="MsoNormal" style="margin-left: 36pt;"><i><span style="font-size: 11pt;">Customers who have been affected are advised to call 101 where they will be given instructions on how to restore their handset to its original state. This will resolve the issue completely. </span></i></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">RIM has published an update which removes the application from affected BlackBerry smartphones.</span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-47173708290019978192009-07-26T20:44:00.001+05:302009-07-26T20:44:48.165+05:30PREDATOR : Indian “Internet predator” held in U.S.<b><span style="font-size: 16pt;">PREDATOR : Indian “Internet predator” held in U.S.</span></b> <p class="MsoNormal"><span style="font-size: 11pt;">PTI</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">24 July 2009</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><a rel="nofollow" target="_blank" href="http://www.hindu.com/2009/07/24/stories/2009072455341300.htm">http://www.hindu.com/2009/07/24/stories/2009072455341300.htm</a></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Washington: In possibly the first such case involving an Indian in the U.S., police in Pennsylvania have arrested an Indian engineer on charges of using Internet for soliciting young girls for sex.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">In a statement, the Pennsylvania Attorney General Tom Corbett said Nityanand Gopalika (30), here on a work visa, allegedly used an Internet chat room to approach what he believed was a 13-year old girl from the Pittsburgh area.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The “girl” was actually an undercover agent from the Child Predator Unit. According to the criminal complaint filed by the Attorney General’s Child Predator Unit, Gopalika engaged in a series of chats over several days questioning the girl about her sexual experience and describing the sex acts he wished to engage in. Gopalika is also accused of sending the girl two obscene web cam videos.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Gopalika was arrested on July 1 when he arrived at a predetermined meeting location.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Following a search of his vehicle, agents seized two laptop computers, a digital camera, a cell phone allegedly containing a partially completed text message to the “child,” directions to the meeting location and a bag of condoms. Gopalika was preliminarily arraigned on July 1 and lodged in the Butler County Jail in lieu of $15,000 cash bail, pending a preliminary hearing on Friday.</span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-194300751730727962009-07-26T20:36:00.000+05:302009-07-26T20:39:17.529+05:30FINED : HSBC companies slapped with US$5M fines over data breach<b><span style="font-size: 16pt;">FINED : HSBC companies slapped with US$5M fines over data breach</span></b> <p class="MsoNormal"><span style="font-size: 11pt;">By Jo Best, </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">ZDNet Asia</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">July 23, 2009 </span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><a rel="nofollow" target="_blank" href="http://www.zdnetasia.com/news/business/0,39044229,62056295,00.htm">http://www.zdnetasia.com/news/business/0,39044229,62056295,00.htm</a></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Three HSBC companies have been hit with fines after the financial services watchdog found they weren't doing enough to protect customers' data.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt; color: maroon;">The U.K. Financial Services Authority (FSA) fined HSBC Life 1.6 million pounds (US$2.6 million), HSBC Actuaries 875,000 pounds (US$1.4 million) and HSBC Insurance Brokers 700,000 pounds (US$1.1 million)--making a total of 3.1 million pounds (US$5.1 million) in penalties between them.</span></p> <p class="MsoNormal"><span style="font-size: 11pt; color: maroon;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt; color: maroon;">Due to the fact the three firms settled with the FSA, their fines were discounted by 30 percent--the original charges totaled 4.55 million pounds (US$7.47 million).</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The FSA handed down the fines after an investigation found customer data was sent without encryption to third parties and via couriers, and left in unlocked cabinets and shelves openly.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Staff were also not given proper training over how to spot and deal with risks like identity theft, the FSA found.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Clive Bannister, group managing director of HSBC Insurance, said the company regrets falling short in dealing with customers' data.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"While this is a serious matter, no customer reported any loss from these failures. We are doing everything possible to prevent a recurrence. We have implemented even more rigorous systems, better checks and more training for our people. We believe our customers can have confidence that we are doing everything we can to protect their privacy," he said in a statement.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Two of the HSBC companies recorded losses of data: in 2007, HSBC Actuaries lost an unencrypted floppy disk in the post, containing the details of 1,917 pension scheme members, including addresses, dates of birth and national insurance numbers; while 2008 saw HSBC Life lose an unencrypted CD containing the details of 180,000 policy holders in the post. Those affected have been alerted to the losses by the companies.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Margaret Cole, director of enforcement at the FSA, described the losses as "disappointing".</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"All three firms failed their customers by being careless with personal details which could have ended up in the hands of criminals. It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers' details," she said in a statement.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The three companies have now improved staff training and use encryption when data is being moved.</span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-64994274060026761412009-07-24T21:22:00.001+05:302009-07-24T21:22:34.391+05:30Quote of the day<b><span style="font-size: 16pt;">Quote of the day </span></b> <div class="MsoNormal" style="text-align: center;" align="center"> <hr align="center" size="2" width="100%"> </div> <p class="MsoNormal"><span style="font-size: 11pt;">You can have anything you want -- if you want it badly enough.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">You can be anything you want to be, have anything you desire, accomplish anything you set out to accomplish -- if you will hold to that desire with singleness of purpose.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Robert Collier</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">(Publisher)</span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-57544211709924004392009-07-24T21:17:00.000+05:302009-07-24T21:21:04.553+05:30New IT Term of the day<h1 style="margin: 0cm 0cm 0.0001pt;"><strong><span style="font-family: Arial;">New IT Term of the day </span></strong></h1> <div class="MsoNormal" style="text-align: center;" align="center"><strong><span style="font-size: 11pt; font-family: Arial; color: maroon;"> <hr align="center" size="2" width="100%"> </span></strong></div> <p class="MsoNormal"><span style="font-size: 24pt;">chicken boner</span></p> <div class="MsoNormal" style="text-align: center;" align="center"> <hr align="center" size="2" width="100%"> </div> <p class="MsoNormal"><span style="font-size: 11pt;">A slang term used in reference to an inexperienced spammer. The reference implies that the person is a low-life who spends all their time in front of the computer with "fried chicken bones littering the floor".</span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-43455112023531138702009-07-24T21:14:00.000+05:302009-07-24T21:17:03.369+05:30FINED : UK Consultant Handed £5,000 Fine Over Database Breach<b><span style="font-size: 16pt;">FINED : UK Consultant Handed £5,000 Fine Over Database Breach</span></b> <p class="MsoNormal"><span style="font-size: 11pt;">by Desire Athow</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">21 July, 2009, </span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><a rel="nofollow" target="_blank" href="http://www.itproportal.com/portal/news/article/2009/7/21/consultant-handed-5000-fine-over-database-breach/">http://www.itproportal.com/portal/news/article/2009/7/21/consultant-handed-5000-fine-over-database-breach/</a></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">A man behind an illicit database containing details of construction workers has been slapped with a fine of £5,000 for infringing the UK Data Protection Act at Knutsford Crown Court and required to pay a further £1,187.20 in costs.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Last week, Ian Kerr, the founder of The Consultancy Association (TCA) which illicitly held and sold confidential information of employees, has been found guilty of data breaches and eventually ordered to pay considerable fines.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Kerr was sentenced by the Court following an investigation by the Information Commissioner’s Office, which disclosed that he conducted a secret operation to vet construction workers for job in the industry.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">David Smith, Deputy Information Commissioner, commented on the case by saying, “Ian Kerr colluded with construction firms for many years flouting the Data Protection Act and ignoring people's privacy rights. Trading people's personal details in this way is unlawful and we are determined to stamp out this type of activity.”</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">It was ascertained by the Court that the database created by TCA held information on as many as 3,213 construction workers and was utilised by around 40 construction companies.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The information watchdog is said to take enforcement action against 17 construction companies that paid Kerr for information on workers, in the wake of any representations made by the firms. </span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-3425957541288154922009-07-24T21:12:00.000+05:302009-07-24T21:13:00.484+05:30JAILED : Two years in jail for IT director who wiped medical data<b><span style="font-size: 16pt;">JAILED : Two years in jail for IT director who wiped medical data</span></b> <p class="MsoNormal"><b><i><span style="font-size: 11pt; color: maroon;">Ex-employee deleted crucial organ donation records</span></i></b></p> <p class="MsoNormal"><span style="font-size: 11pt;">By Jaikumar Vijayan </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">www.computerworlduk.com </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">21 July 2009</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><a rel="nofollow" target="_blank" href="http://www.computerworlduk.com/management/security/data-control/news/index.cfm?RSS&NewsId=15841">http://www.computerworlduk.com/management/security/data-control/news/index.cfm?RSS&NewsId=15841</a></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">An IT director at an organ donation organisation has been sentenced to two years in prison for intentionally deleting numerous records and other data after being fired from her job.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Danielle Duann, 51, who worked at an organ procurement centre for more than 200 hospitals in Texas, was also sentenced to three years of supervised release upon completion of her term and ordered to pay more than $94,000 in restitution to her former employer, LifeGift Organ Donation Center.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Duann in April had pleaded guilty to one count of unauthorised access to a protected computer.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Court documents filed in connection with the case describe what is becoming an increasingly familiar tale of companies victimised by insiders.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Duann was hired by LifeGift in 2003 and put in charge of overseeing the company's entire IT infrastructure and fired in November 2005 for reasons not specified in court documents.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">At the time of her termination, Duann was informed in writing that all her access rights had been revoked. The company also took steps to lock all administrator accounts to which Duann was known to have access.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Despite such steps, Duann still managed to access LifeGift's network from her home on the same evening she was fired, via a VPN account that she appears to have previously set up without anyone's knowledge.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Once inside the network, Duann used an administrator account belonging to another LifeGift employee to log into several servers, including the company's organ donor database server and main accounting server, multiple times.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Over the next several hours, she then deleted donor records, accounting invoice files, database and software applications, backup files and the software tokens needed to run some applications.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">In a bid to cover her tracks, Duann manually deleted all logs of her VPN sessions with the company's network. She also disabled the activity logging functions on the database and accounting servers -- making it impossible for LifeGift to identity all of the individual files and applications she deleted, the court documents said.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Duann's sabotage, however, was discovered the next morning by an employee of a network services company that had just been hired by LifeGift to provide backup and disaster recovery services for the non-profit. The employee noticed someone deleting files in real-time from a VPN connection, which he quickly terminated.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The VPN connection logs and IP address was later traced back to Duann's home Internet connection. A subsequent search of Duann's home and computer systems by the FBI uncovered more evidence that linked her to the sabotage.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Like countless similar incidents, this one highlights the challenges that companies face when it comes to protecting data and systems from malicious insiders. In this case, the sabotage occurred even though LifeGift appears to have taken most of the measures that security experts recommend when employees leave the company or are fired.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">For instance, the company immediately revoked Duann's access privileges after terminating her and disabled all administrator accounts to which she had had previous access. The fact that Duann still managed to access the company's servers just hours later, highlights how difficult it can sometimes be to stop insiders who plan to do harm.</span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-11899569717945126762009-07-24T21:11:00.001+05:302009-07-24T21:11:53.333+05:30THREAT : Cyber attack a threat to London Olympics<b><span style="font-size: 16pt;">THREAT : Cyber attack a threat to London Olympics</span></b> <p class="MsoNormal"><b><i><span style="font-size: 11pt; color: maroon;">Organizers feel that a potential cyber attack posed a unique challenge for the London 2012 Olympics</span></i></b></p> <p class="MsoNormal"><span style="font-size: 11pt;">Avril Ormsby</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">July 22, 2009</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><a rel="nofollow" target="_blank" href="http://www.ciol.com/Global-News/News-Reports/Cyber-attack-a-threat-to-London-Olympics/22709122606/0/">http://www.ciol.com/Global-News/News-Reports/Cyber-attack-a-threat-to-London-Olympics/22709122606/0/</a></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">LONDON, UK: Olympic organizers are "very alive" to the threat of a cyber attack on the London 2012 Olympics, made more challenging because of its evolving nature, senior Interior Ministry officials said on Tuesday.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Ticketing systems, the transport network and hotel bookings as well as security are among potential targets.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Olympic security officials are also planning for the possible diversion of aircraft to protect airspace around the venues from terrorist attacks, the officials said.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The greatest threat to security at the Games is international terrorism, the government's latest "Safety and Security Strategy" report said.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"There's no current evidence of a terrorist threat to 2012," one of the Interior Ministry officials said.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"But if you look at precedents for sporting events, and to some degree about Olympic events, it would not be beyond the point of imagination to imagine a terrorist threat to 2012 nearer the time."</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Metropolitan Police Assistant Commissioner Chris Allison said it was likely there would be a terrorist threat at the Games but he pointed to Britain's "long history of delivering safe sporting events".</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><b><span style="font-size: 11pt;">Threats Change</span></b></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Despite the British government on Monday lowering the threat level from international terrorism from "severe" to "substantial", security planning for the Games will be based on an assumed threat level of severe -- the second highest level.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Interior Minister Alan Johnson said in a statement that security planning was "progressing in good time and to budget".</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">A total of 600 million pounds ($980 million) has been put aside for security, but Interior Ministry officials said if the threat increased it could put upward pressure on costs.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The officials, who declined to be named, said a potential cyber attack posed a unique challenge because it was constantly changing and that more funds were being directed at the problem of computer attacks.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"The general challenge reflected in cyber is anticipating what threats will look like three years out, and threats change, the nature of terrorism changes and the nature of serious crime changes as well, and cyber specifically is a really good example of a moving threat," one of the officials said.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"I think we are very alive to the cyber (issue) and we are very alive to the fact that at the moment it is difficult to predict what it will look like with specific reference to the Games in 2012."</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Officials are also drawing up plans for protecting water and air space around Olympic venues from possible attack, including possibly diverting aircraft. It is expected diversions would most likely affect smaller, private aircraft.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"We do expect there will have to be some management of air space," another of the Interior Ministry officials said.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"We do not expect that any airports will have to be closed."</span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-24002357726429885942009-07-24T21:07:00.000+05:302009-07-24T21:10:44.914+05:30TOPPER : U.S. Is Top Spam-Producing Country<b><span style="font-size: 16pt;">TOPPER : U.S. Is Top Spam-Producing Country</span></b> <p class="MsoNormal"><b><i><span style="font-size: 11pt; color: maroon;">The US has been named the world's biggest spam-producing country, says security vendor Sophos.</span></i></b></p> <p class="MsoNormal"><span style="font-size: 11pt;">By Carrie-Ann Skinner</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">PC Advisor (UK) </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">July 21, 2009 </span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><a rel="nofollow" target="_blank" href="http://www.cio.com/article/497728/U.S._Named_As_Top_Spam_Producing_Country">http://www.cio.com/article/497728/U.S._Named_As_Top_Spam_Producing_Country</a></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The US has been named the world's biggest spam-producing country.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Security firm Sophos said the US was responsible for 15.6 percent of all spam received between April and June this year - that's one in every six junk emails.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The US was closely followed by Brazil, which produced 11.1 percent of all spam, and Turkey, which generated 5.2 percent.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Russia</span><span style="font-size: 11pt;">, which was second on Sophos' Dirty Dozen list a year ago, has now fallen to ninth place and was only responsible for 3.2 percent of all spam between April and June.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Graham Cluley, senior technology consultant for Sophos, said: "Barack Obama's recent speech on cybersecurity emphasised the threat posed by overseas criminals and enemy states, but these figures prove that there is a significant problem in his own back yard. If America could clean up its compromised PCs it would be a considerable benefit to everyone around the world who uses the net".</span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-50142801538270828762009-07-19T21:50:00.001+05:302009-07-19T21:50:56.580+05:30Quote of the day<b><span style="font-size: 16pt;">Quote of the day </span></b> <div class="MsoNormal" style="text-align: center;" align="center"> <hr align="center" size="2" width="100%"> </div> <p class="MsoNormal"><span style="font-size: 11pt;">When it is dark enough, you can see the stars.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Charles Beard</span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-835634072093485932009-07-19T21:49:00.000+05:302009-07-19T21:50:12.625+05:30New IT Term of the day<h1 style="margin: 0cm 0cm 0.0001pt;"><strong><span style="font-family: Arial;">New IT Term of the day </span></strong></h1> <div class="MsoNormal" style="text-align: center;" align="center"><strong><span style="font-size: 11pt; font-family: Arial; color: maroon;"> <hr align="center" size="2" width="100%"> </span></strong></div> <p class="MsoNormal"><span style="font-size: 24pt; color: rgb(0, 0, 51);">spamware </span></p> <div class="MsoNormal" style="text-align: center;" align="center"> <hr align="center" size="2" width="100%"> </div> <p class="MsoNormal"><span style="font-size: 11pt;">Software that is used by spammers to send out automated spam e-mail. Spamware packages may also include an e-mail harvesting tool.</span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-4504026555579997892009-07-19T21:47:00.000+05:302009-07-19T21:49:37.555+05:30SURVEY : One in six consumers acts on spam<b><span style="font-size: 16pt;">SURVEY : One in six consumers acts on spam</span></b> <p class="MsoNormal"><span style="font-size: 11pt;">Jeremy Kirk</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">July 14, 2009 </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">IDG News Service</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><a rel="nofollow" target="_blank" href="http://www.computerworld.com/s/article/9135496/One_in_six_consumers_acts_on_spam_survey_says?source=CTWNLE_nlt_virusv_2009-07-16">http://www.computerworld.com/s/article/9135496/One_in_six_consumers_acts_on_spam_survey_says?source=CTWNLE_nlt_virusv_2009-07-16</a></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">About one in six consumers have at some time acted on a spam message, affirming the economic incentive for spammers to keep churning out millions of obnoxious pitches per day, according to a new survey.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Due to be released Wednesday, the survey was sponsored by the Messaging Anti-Abuse Working Group (MAAWG), an industrywide security think tank composed of service providers and network operators dedicated to fighting spam and malicious software.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Eight hundred consumers in the U.S. and Canada were asked about their computer security practices habits as well as awareness of current security issues.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Those who did admit to opening a spam message -- which in and of itself could potentially harm their computer -- said they were interested in a product or service or wanted to see what would happen when they opened it.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"It is this level of response that makes spamming a lot more attractive as a business because spam is much more likely to generate revenues at this response rate," according to the survey.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">One other study, conducted by the computer science departments of the University of California at its Berkeley and San Diego campuses, showed the number people who actually made a purchase following a spam pitch was just a fraction of a percent.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Those researchers infiltrated the Storm botnet, a network of hacked computers used to send spam.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">They monitored three spam campaigns, in which more than 469 million e-mails were sent. Of the 350 million messages pitching pharmaceuticals, 10,522 users visited the advertised site, but only 28 people tried to make a purchase, a response rate of .0000081 percent. Still, that rate is high enough to potentially generate up to $3.5 million in annual revenue, they concluded.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">MAAWG's survey showed that nearly two-thirds of the 800 polled felt they were somewhat experienced in Internet security, a highly complex field even for those trained in it, said Michael O'Reirdan, chairman of MAAWG's board of directors.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">And some 80% of people felt their machine would never be infected with a bot, or a piece of malicious software that can send spam, harvest data and do other harmful functions. That's dangerous, O'Reirdan said.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"If you don't believe you aren't going to get one, you aren't going to look for one," he said. "If you get a bot, you're a nuisance to other people."</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Interestingly, 63% of consumers said they would allow remote access to their computer to remove malware. That idea is under increasing discussion in the security community, which is grappling with how to deal with botnets. Botnets can also conduct denial-of-service attacks against Web sites, such as the ones attacked last week in South Korea and the U.S.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Some ISPs are building automated systems that can cut off a computer's Internet access if the machine is suspected of containing malware. Consumers are then given instructions on how to patch their machine and install security software. When their PC is clean, they are restored full access to the Internet. MAAWG is close to issuing a set of guidelines for ISPs on how to battle botnets.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"The best thing a user can do is patch their machine religiously," O'Reirdan said. "It's incredible easy to do." </span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-5624490106140430842009-07-19T21:45:00.000+05:302009-07-19T21:46:49.553+05:30RISK : SPAM BOT for 3G Phone<b><span style="font-size: 16pt;">RISK : SPAM BOT for 3G Phone</span></b> <p class="MsoNormal"><b><i><span style="font-size: 11pt; color: maroon;">Zombies bite into Symbian smartphones</span></i></b></p> <p class="MsoNormal"><b><i><span style="font-size: 11pt; color: maroon;">Low-risk mobile Trojan bundles botnet features</span></i></b></p> <p class="MsoNormal"><span style="font-size: 11pt;">By John Leyden</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">16th July 2009 </span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><a rel="nofollow" target="_blank" href="http://www.theregister.co.uk/2009/07/16/mobile_trojan/">http://www.theregister.co.uk/2009/07/16/mobile_trojan/</a></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Security researchers have identified the first known spam bot client for 3G phones.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">YXES-B poses as a legitimate application called Sexy Space (ACSServer.exe) to steal the subscriber, phone, and network information of victims. The malware forwards these details to a site under hacker control.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The same site contains message clips that form the template to send spammed SMS messages to the victims' contacts.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The malware therefore has a command and control infrastructure that makes it a botnet for mobile phones, according to Trend Micro, the security software firm.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The code-signing process applied by Symbian is designed to enure that threats like YXES-B never meet the light of day. Hackers have subverted this process for a second time - YXES-B was proceeded by an earlier variant. It it's unclear how they have done this</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The damage potential posed by the malware is quite high. Fortunately, incidents of actual infections remain low.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">More details on the threat can be found in a write-up from Trend Micro here <a rel="nofollow" target="_blank" href="http://blog.trendmicro.com/signed-malware-coming-to-a-phone-near-you/#ixzz0LLLdJHN9&D">http://blog.trendmicro.com/signed-malware-coming-to-a-phone-near-you/#ixzz0LLLdJHN9&D</a></span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-41023513957002562882009-07-19T21:44:00.000+05:302009-07-19T21:45:16.022+05:30PROFESSIONAL : Cyber Criminals using Business School Teachings<b><span style="font-size: 16pt;">PROFESSIONAL : Cyber Criminals using Business School Teachings</span></b> <p class="MsoNormal"><b><i><span style="font-size: 11pt; color: maroon;">Cyber crime lords using big business tactics:Cisco</span></i></b></p> <p class="MsoNormal"><span style="font-size: 11pt;">PHYSorg.com / AFP</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">14 Jul 2009 </span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><a rel="nofollow" target="_blank" href="http://www.physorg.com/news166817806.html">www.physorg.com/news166817806.html</a></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Cyber criminals are aping executives when it comes to sales, marketing and risk management in the world of online treachery, according to a report released by networking giant Cisco. </span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"A lot of techniques they are using today are not new; it is really about how they may be doing some of the same old things," said Cisco chief security researcher Patrick Peterson.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Cyber criminals are aping executives when it comes to sales, marketing and risk management in the world of online treachery, according to a report released by networking giant Cisco.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"A lot of techniques they are using today are not new; it is really about how they may be doing some of the same old things," said Cisco chief security researcher Patrick Peterson. </span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"The novel thing is that they have taken the Harvard Business School, General Electric board room</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">business training and applied it to their old techniques."</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The California technology firm specializing in computer networking gear summarized current threats in a "Midyear Security Report" that concludes hackers are increasingly operating like successful businesses.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Peterson cited how cyber hackers capitalized on interest in the death of pop icon Michael Jackson in late June.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Disasters, celebrity doings and other major news is routine fodder for bogus emails and websites</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">booby-trapped with computer viruses, but in the case of Jackson's death, crooks cranked out fake news stories to dupe readers.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"They had their criminal copy editors working on copy for the story as fast as it happened," Peterson said.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"They brought the Jackson story to market in a way that rivals media outlets. They have an advantage; they don't have to do any reporting."</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Billions of spam messages with links to trick websites or videos promising scintillating Jackson images and information were fired off in the days after his June 25 death, according to Cisco.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"Sales leads" that followed online links were turned into "customers," whose computers were stealthily infected with nefarious codes for stealing data, usurping control of machines or other evil deeds.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Cyber criminals are reportedly embracing a nefarious version of a "cloud computing" trend of offering</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">computer applications online as services.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Commanders of infected computers woven into "botnet" armies rent out illegally assembled networks to fellow criminals for sending spam, launching attacks or other deeds, according to Cisco.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Peterson told of an "anti-anti-virus" online operation called "Virtest" that charges hackers monthly fees to keep them informed about which security firms can detect their malicious programs.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"It's a criminal service," Peterson said of the operation, which appears to be based in Russia. "We've seen lots of examples of criminals sharing tools, but we've never seen a commercial business like this."</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Spammers also employ a business marketing practice of packing booby-trapped websites with terms</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">typically used as keywords in various Internet search engines so that their links land high in query results.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><b><span style="font-size: 11pt; color: maroon;">Cisco referred to the practice as "Spamdexing."</span></b></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"Because so many consumers tend to trust and not be suspicious of rankings on leading search engines, they may readily download one of the fake software packages assuming it is legitimate," Cisco said in the report.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Cyber crooks are also hunting for prey in the rapidly expanding population of mobile telephone users by sending trick text messages.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Criminals have taken to sending blanket text messages to numbers based on area codes of local banks directing people to call into a service center to address supposed concerns about their accounts.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Callers are connected to automated voice systems that, feigning to represent the banks, ask people to enter account passwords and other personal information that can later be exploited, Peterson said.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Online social networks, according to Cisco, are becoming popular "customer acquisition" territory for cyber criminals.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"It's big business now to penetrate those networks," said Peterson.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">People in online communities are more likely to click on links and download content they believe is from people they know and trust, the report said.</span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-60469982972233862152009-07-19T21:41:00.000+05:302009-07-19T21:44:26.339+05:30BEWARE : Hacker Hacked Twitter – Stolen Secret Documents<b><span style="font-size: 16pt;">BEWARE : Hacker Hacked Twitter – Stolen Secret Documents </span></b> <p class="MsoNormal"><span style="font-size: 11pt;">By Maggie Shiels</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Technology reporter </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">BBC News</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">2009/07/16</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"><a rel="nofollow" target="_blank" href="http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/8153122.stm">http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/8153122.stm</a></span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The microblogging service Twitter has been terribly hacked. Twitter is taking legal advice after hundreds of documents were hacked into and published by a number of blogs.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">TechCrunch has made public some of the 310 bits of material it was sent.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">It posted information about Twitter's financial projections and products.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"We are in touch with our legal counsel about what this theft means for Twitter, the hacker and anyone who accepts...or publishes these stolen documents, " said Twitter's Biz Stone.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">In a blog posting he wrote that "About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company."</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Mr Stone, Twitter's co-founder, went on to stress that "the attack had nothing to do with any vulnerability in Google Apps".</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">He said this was more to do with "Twitter being in enough of a spotlight that folks who work here can be a target".</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">In his blog post, Mr Stone underlined the need for increased online security within the company and for staff to ensure their passwords are robust.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">It is believed a French hacker who goes by the moniker "Hacker Croll" illegally accessed the files online by guessing staff members' passwords.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><b><span style="font-size: 11pt;">"News value"</span></b></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">A number of technology blogs were offered the documents for publication in what is now being dubbed "Twittergate" in some online forums.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">TechCrunch, one of the most respected blogs in Silicon Valley, has set off a firestorm of criticism and debate over its decision to post some of the material.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">It started things off with what it called a "softball" and published details about a reality TV show involving Twitter. Details of such a programme were made public in May.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">That was followed by documents relating to an internal Twitter financial forecast that the company said is no longer accurate.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"There is clearly an ethical line here that we don't want to cross, and the vast majority of these documents aren't going to be published, at least by us.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"But a few of the documents have so much news value that we think it's appropriate to publish them," wrote TechCrunch Editor and founder Michael Arrington</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Mr Arrington noted the site received a deluge of comments on the issue and said "many users say this is "stolen" information and therefore shouldn't be published. We disagree.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"We publish confidential information almost every day on TechCrunch. This is stuff that is also "stolen," usually leaked by an employee or someone else close to the company."</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The TechCrunch founder cited examples of stories it has covered in the past that involved information it had acquired and also those covered by newspapers like the Wall Street Journal that had done a similar thing.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Mr Arrington said that he has also consulted lawyers about the laws that cover trade secrets and the receipt of stolen goods.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><b><span style="font-size: 11pt;">"Embarrassing"</span></b></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Many in the technology industry said this latest episode points to the potent reminder of how much information is stored in the cloud and the vulnerability or otherwise of that data.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The hacker has claimed to have wanted to teach people to be more careful and in a message to the French blog Korben, wrote that his attack could make internet users "conscious that no one is protected on the net."</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"The security breach exploited "an easy-to-guess password and recovery question, which is one of the simplest ways to make a username and password combination really insecure," said Phil Wainewright of ZDNet.com</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"Unfortunately, users won't wise up until the cloud providers force them to."</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">In a study last year the security firm Sophos found that 40% of internet users use the same password for every website they access.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The affair has put Google on the defensive because the information was stored in Google Apps, an online package of productivity software that includes email, spreadsheets and calendars.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">The company issued a blog post. While it highlighted the need for strong security, it said it could not discuss individual uses or customers.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Twitter's Mr Stone tried to play down the importance of the information being touted around the web.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"Obviously, these docs are not polished or ready for prime time and they're certainly not revealing some big, secret plan for taking over the world.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"This is "akin to having your underwear drawer rifled: Embarrassing, but no one's really going to be surprised about what's in there." That is an apt apology," Mr Stone said.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">At the social media blog Mashable, Adam Ostrow agreed.</span></p> <p class="MsoNormal"><span style="font-size: 11pt;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">"It's another embarrassing moment in Twitter's torrid growth, but nothing that's likely to bring the house down."</span></p> <p class="MsoNormal"><span style="font-size: 11pt; color: red;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Also see -</span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Tech Crunch’s posting-</span></p> <p class="MsoNormal"><span style="font-size: 11pt; color: red;"><a rel="nofollow" target="_blank" href="http://www.techcrunch.com/2009/07/14/in-our-inbox-hundreds-of-confidential-twitter-documents/">http://www.techcrunch.com/2009/07/14/in-our-inbox-hundreds-of-confidential-twitter-documents/</a></span></p> <p class="MsoNormal"><span style="font-size: 11pt; color: red;"> </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">Twitter’s response</span></p> <p class="MsoNormal"><span style="font-size: 11pt; color: red;"><a rel="nofollow" target="_blank" href="http://blog.twitter.com/2009/07/twitter-even-more-open-than-we-wanted.html">http://blog.twitter.com/2009/07/twitter-even-more-open-than-we-wanted.html</a></span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0tag:blogger.com,1999:blog-4242865026724235222.post-84834395686364391822009-07-17T22:02:00.001+05:302009-07-17T22:02:23.587+05:30Quote of the Day...<b><span style="font-size: 16pt;">Quote of the day </span></b> <div class="MsoNormal" style="text-align: center;" align="center"> <hr align="center" size="2" width="100%"> </div> <p class="MsoNormal"><span style="font-size: 11pt;">In school you get the lesson and then take the test; </span></p> <p class="MsoNormal"><span style="font-size: 11pt;">In life you take the test and then get the lesson.</span></p>Aseem Kaisthahttp://www.blogger.com/profile/13557863013994967168noreply@blogger.com0