Grant Stanley, an elite torrent hacker that has just been sentenced for a total of ten months imprisonment and a $3,000 fine for his role in creating EliteTorrents. EliteTorrents was a BitTorrent tracker site that was one of the most visited sites in the world. EliteTorrents did not actually contain the illegal copies of software, movies, music and games. Instead, the site provided trackers leading to these materials. He will be spending half of this time in prison and the other half in home detention, and then he will be on supervised release for the next three years. This is not the first BitTorrent-related conviction in the United States. Two months earlier Scott McCausland pleaded guilty for criminal copyright infringement related to EliteTorrents.

Crimes involving piracy and illegal distribution has prompted Microsoft to require a mandatory antipiracy check of their productivity software. This means that users must prove that the software applications are 100% before gaining access to add-ons and updates from the software giant. Users who unknowingly received a counterfeit copy of Office may receive a complimentary copy of Microsoft Office after filling out a counterfeit report, provide proof of purchase, and sending in their counterfeit cds.

Prosecuting such cybercrimes have gained momentum over the years, aided by an increased cooperation between the police and the targetted victims. This week a Florida resident, John Bombard, was charged for establishing a bot network of compromised computers from which he launched a Denial of Service attack on servers managed by Akamai Technologies. If convicted, he will face up to two years’ imprisonment and a fine of several thousand dollars. Hopefully with the increased vigilance from organizations will lead to a cut down to these crimes.

[tags]news, bittorrents, crime, conviction[/tags]

Tags: bittorrents, conviction, crime, News

Categories: News

Comments Off

Identity theft sounds like it’s mostly done online by hackers who try to scam your information off you, but some of the easiest techniques can be done without even logging in front of a computer.

Frank Abagnale is probably the best example of a successful identity thief. In the late sixties he created different personas to get jobs, free airplane trips, and draw money from various banks before being caught and sent to jail for six years. Since then he’s given his expertise to combatting the same crimes he was charged with, becoming one of the foremost document security experts out there. Here’s several tips from him on how to avoid getting your identity stolen:

• Shred, shred, shred. Dumpster diving can turn up documents with revealing personal information printed on them. Try to use a cross cut shredder to get Some of the documents you should shred are pre-printed checks and pre-approved credit card mailings. They may have your credit card or account numbers written on them, and it only takes a phone call to order and put that to your account.
• Check if you’re missing any mail, especially credit card records and bank statements. And while we’re on the topic of mail - go through your statements and make sure all of your purchases are accounted for.
• Don’t carry anything you don’t need. This applies to Social Security cards, extra credit cards, and any other papers. Leave them in a safe place at home. If you lose them or they get stolen they’ll be more than enough to take your identity.
• In the eventuality that your credit card or papers are stolen, know what government agencies and bank hotlines you can call to report it immediately. The smaller that window between the theft and the report, the shorter the time they can use your data.

[tags]identity theft, tips, Frank Abagnale[/tags]

Tags: Frank-Abagnale, identity-theft, Privacy-&-Anonymity, Real-World Issues, Tips

Categories: Privacy & Anonymity, Real-World Issues, Tips

Comments Off

Most security specialists say that though hackers and phishers are their primary enemies, the ones doing the most damage to their system are the end users. End users may inadvertently let malware on their computers by clicking an attachment or entering an untrustworthy site, but no matter how many times they’re warned and educated about these threats they go on doing the same things.

An article in Dark Reading compiled by their staff lists down ten of the most dangerous behaviors end user do that could compromise the security. Though this isn’t the first list ever made about this issue (nor will it be the last) the themes it had in common with a few other lists I found were:

• Visiting, downloading and installing freeware from sources you’re not sure of. No one would admit it, but chances are users will find a way to visit gambling and porn sites even if they’re banned. They just look for one that’s currently not in the banned list. Music and game downloads sites can also house unseen code that can exploit the computer.
• Disabling the very same security precautions intended to keep you safe. This is especially true for firewalls, anti-virus software, and WiFi connections. Some might find their connection speed lowered by constant reminders of security precautions like password changes, patch updates, and automated virus updates.
• Password precautions. End users may be sharing their passwords with friends and family, increasing the risks of security breaches. Some, for the sake of remembering them easily, use dictionary words and jot them down or save them in their mobiles.
• Clicking on links and attachments from friends and even perfect strangers. It’s only too true that most people click before checking if a link’s legitimate or not, especially for phishing e-mails. And even links from friends on an instant messenger service can be a scam to deliver trojans to your computer.

[tags]dangerous things to do online, list, security, password[/tags]

Tags: dangerous-things-to-do-online, IT Security Basics, list, password, Real-World Issues, security

Categories: IT Security Basics, Real-World Issues

Comments Off

Back up frequently and often. That was a personal mantra in the days when system crashes, virus infections, and floppy disks. These days I still follow it, by burning files onto CDs; it’s better to have duplicates of the same file rather than losing them by a careless press of the button. Here are a few tips to help you while making backups.

A good thing to remember while backing up is to avoid proprietary file formats. These are formats that are copyrighted to a specific company, like .doc from Microsoft. It may seem unimportant at first, but it can spell a lot of difference. The extra knobs and frills added to your files as formatting can render it unreadable by other programs. Though this problem isn’t very common these days since most applications now try to give support to the most common file formats, it still happens. Better to be safe than sorry about that project you’ve been slaving to finish for weeks. In the case of large graphics I’d recommend saving in a format where image elements or layers can be separate from each other. After each major change, save a copy of the new image separately, just in case you have to go back and alter a completely different thing. It’ll save you from a major headache later. If the large file size daunts you, compress it and label with the date and what version it is. It can shrink by up to a quarter of the original file size. That way you know which zip, rar, or tar contains the image you’re looking for.

Speaking of file compressions, if you want to backup your data in compressed files, make sure to organize your files logically before tarring and zipping. I have to sort my files weekly to make sure my documents and pictures are in the right folders. I have my articles, personal e-mails, blogs, and images in separate folders, so that once I compress them I know where everything went. Label each clearly; this applies to CDs and any backup file you make. I still find zips and CD backups from two years ago in my computer, named only with the date I made them, and I have no clue what they contain. Spare yourself the trouble of opening and checking every one of them.

[tags]security, backup, tips[/tags]

Tags: backup, Backups, security, Tips

Categories: Backups, Tips

Comments Off

A botnet to a group of computers that’s been hacked and put under the control of one controller called a bot herder, and all this without the computer owner’s knowledge. They do it by planting a bot into the system and then activating it when it suits their ends.

How they work
Bot herders try to target the machines with broadband internet like those of home users, small universities and enterprises, which are typically with limited resources and knowledge of protecting their systems. These computers often run on Windows without up-to-date patches. The computer are infected by using an e-mail attachment, or more recently, using Internet Relay Chat (IRC). Once infected, the bot logs onto an IRC server to receive commands from the bot herder. Though firewalls, anti-spyware and antivirus programs can stem the flow of attacks, even more programs are being developed to evade detection.

Once a computer is commandeered, the bot herder can use it in a variety of ways. It can be used to download a variety of adware that pays per download, send spam to people listed on the owner’s addressbook, gain confidential information through keylogging, and even cause a directed denial of service attack (DoS) to a selected website by sending huge amounts of traffic and page requests, shutting it down until the attack is over. Because of the flexibility of IRC networks, computers from different countries can be easily connected and controlled through a botnet. Botnets proliferate because the potential of profit is great.

There are signs to tell if a computer has become a zombie in a botnet. Monitor to see if it’s receiving data from a server the user isn’t accessing. Organizations intent on finding and shutting down botnets establish networks specifically made to lure these bot herders out in the open. They allow these to control a computer in their system and tracing the source down. They reverse engineer bots and listen into botnet conversations to find them. If the track a zombie, it will be reported and the data of the infection logged for possible criminal investigations.

[tags]botnet[/tags]

Tags: botnet, IT Security Basics, Real-World Issues

Categories: IT Security Basics, Real-World Issues

Comments Off

Though trojans and viruses are frequently mentioned when dealing with network and computer security, the terms are often interchanged for one another. An innocuous-looking program like a free screensaver that can bring your computer crashing around you is called a trojan. Trojans were named after the Trojan Horse of mythology, when the Greeks pretended to retreat because they feared the wrath of a goddess, leaving a wooden horse as their offering. The Trojans rejoiced and let the horse in, not knowing that a few of the Greeks were hidden inside the horse. In the dead of the night they crept out and attacked the city. That sums up how trojans work. Though it seems like an innocent and useful application or file, these programs would have malicious code hidden inside it. These usually come masquerading as a legitimate attachment or a game file you’d want to download. and they work once you open them.

Trojans are broken down by how they breach the system and how much damage they can cause. Some can be harmless, changing your wallpaper or colors. Others can gain access to your information through keylogging or corrupt your files without your knowledge. A backdoor trojan, for example, will open a way for a malicious attacker to gain access to your computers. The main difference between a trojan and a virus is how it’s distributed. Though a trojan can be sent to multiple targets, as long as it isn’t open it remains inactive.

Trojans are usually transferred through these means: as e-mail attachments, through websites, or file-sharing networks. The simple precaution of not opening e-mails with attachments, even those from your friends and associates, can keep trojans away. Pay attention to the extensions of these attachments, They could be masquerading as image files but are actually executable code. Last, if you find a file that seems useful, check online if it’s legitimate and real. Never download applications if you’re not sure about where it came from.

[tags]trojans, tips[/tags]

Tags: IT Security Basics, Tips, trojans

Categories: IT Security Basics, Tips

Comments Off

Microsoft’s patch update for this month fell on Tuesday this week as they issued ten of the eleven scheduled security patches. These patches fixes 26 security vulnerabilities, the largest number of flaws fixed with one patch update since they began their monthly patch cycle. Six of these patches are important; five of these fix critical vulnerabilities in the Windows shell and Office suites that hackers may exploit to remotely control your system. The last one is an update for the Windows Service that could allow a denial of service attack. An out-of-cycle patch has also been released last month dealing with the VML-exploit on Internet Explorer web browser.

Since programs are constantly evolving to improve usability and performance, as time passes problems may arise as glitches in the source code gets revealed. Installing these patches is essential for ensuring your computer system’s security. Not only do these patches fix any bugs that are known to attackers, they also fix any privately disclosed ones that security researchers have uncovered and reported to the software company. In the days after a patch is released hackers will attempt to exploit these formerly-undisclosed vulnerabilities on unpatched computers.

If you have the option to receive reminders for these patches for your system and applications, use it. Then check out if they’re stable before installing them. Of course, glitches can happen all the time. Users have reported delays in receiving patches from the Windows Update system, but they have been advised to manually download the patches from the download site.

[tags]Microsoft, security patches[/tags]

Tags: IT Security Basics, Microsoft, Network Security, News, security-patches

Categories: IT Security Basics, Network Security, News

Comments Off

Several companies are attempting to apply Voice over Internet Protocol (VoIP) to mobile phones. T-mobile announced that they are going to launch mobile wi-fi cellular hybrids by the end of the year. Once these phones detect a Wi-fi connection they will automatically switch to the Wi-fi and connect calls through VoIP without interruptions.

Companies used VoIP technology to make calls are increasing, cutting down the cost of long-distance calls, but so far it’s been limited to office or home use. Cellular phone companies like Nokia have launched the N80 Internet Edition, their latest products with mobile phone-based VoIP. The road to this conversion has not been smooth, however. Last month major VoIP company Skype announced that there will be delays for their plans to expand their services to mobile phones due to technical difficulties and the lack of compatible handsets. But it’s certainly only a matter of time before users get a wide variety of VoIP-related services on their mobiles.

VoIP may end up being cheaper than conventional mobile calls, but the same security concerns that plague VoIP will apply to this developing technology. There are still encryption issues for the data packets sent over the Internet, and the possibility of having calls eavesdropped or even rerouted by attackers. The worst posssiblity would be a denial of service (DoS) attack that can degrade call quality or completely crash the end service. So far there has been no clear-cut solutions to these problems, and users must be aware that these security issues exist.

[tags]voip, mobile. security[/tags]

Tags: mobile.-security, News, Real-World Issues, voip, Wireless Security

Categories: News, Real-World Issues, Wireless Security

Comments Off

Are you like me who has the bad habit of forgetting the passwords to your online accounts? Except for sites I frequently visit, like those for web-based services, I can’t keep track and lose passwords all the time. There’s no true solution to this problem. I’ve tried using the same passwords for multiple accounts, but that’s pretty dangerous - if one of your accounts gets hacked, they can guess what sites you frequent and gain access to your data. Writing it down can be downright dangerous - it’s even easier to lose paper and notebooks during your daily routine. It also boils down to an issue of trust with the people you live and work with.

The situation’s pretty dire if a relative passes away and all his contacts are in an online address book. The was the the case of William Talcott, a San Francisco poet who passed away in June and basically took his password to the grave. His daughter was unable to contact his friends, and though the web provider will grant them access after a court order, it will take months of legal haggling in court, causing needless emotional pain for his descendants

The solution? A password manager that keeps track of your passwords. Some users make their own with their database and password locking it, but these makeshift databases aren’t encrypted and they’re quite easy to crack. There are commercial and open source password managers available for download online. All you need to do is add the website, your account name and password, select one password to lock your data, and then it will keep track of your passwords for you. They offer different features, which can include password generators, autoform filling, and different levels of encryptions. Some sites, like those of banks and other e-commerce activities, don’t allow autoform filling for security reasons. Though most of these are currently made for Windows, there are also versions for other operating systems. A word of warning though: if you forgot your password to your password manager and it doesn’t have a retrieve password option, you can’t access your database. So make sure to remember your database password!

[tags]passwords,e-commerce,operating systems,online security,phishing[/tags]

Tags: e-commerce, IT Security Basics, online-security, Operating Systems, passwords, phishing, Security Policies, Tips

Categories: IT Security Basics, Security Policies, Tips

Comments Off

NTT Communications (Japan) have created a new secure Instant Messaging system. This system communicates over TLS (Transport Layer Security), the successor to the SSL standard.

Communications on most IM systems are secured between client and server - where password exchange typically takes place, but once the initial connection has been established, messages themselves are usually passed directly between clients. In the new messaging system, all communication goes through the sever, and is performed over an encrypted TLS connection.

This allows, apparently, restrictions on the server to govern which users can talk to each other, which types of files may be sent, and so on.

This sounds like a great idea, but there is a reason for current systems to communicate directly between clients - a single relay server is a single point of failure, and also serves as a bottleneck in the network. Using TLS only serves to further slow down the server, and I am not sure how well this solution would scale (though a network of servers, IRC style, might work…)

Meanwhile, for small to medium corporations, this could be the secure solution that has been needed for a long time. It will be a while before it becomes scalable to the entire Internet, though, I expect.

[tags]IM software,bottleneck,encryption,data centers, instant messaging, online security[/tags]

Tags: bottleneck, Cryptography, data-centers, encryption, IM-software, Instant Messaging, Network Security, online-security

Categories: Cryptography, Network Security

1 Comment