AOL Spam Policies

Written by Saran on November 10, 2006

AOL are planning to charge for emails. Mass mailers will be able to pay for higher-priority delivery, bypassing the AOL spam filters and ensuring that mail is delivered directly to the end user's inbox.

This is, obviously, a bad thing, since spammers will be able to pay a small fee to ensure that their messages are delivered directly to the end user's inbox, whilst legitimate messages will face the AOL spam filter gauntlet. Programmes such as this will only lead to a rise in spam and a fall in the delivery rate of legitimate mail.

Categories: News, Privacy & Anonymity, Real-World Issues, Security Policies

Convictions for cybercrimes

Written by Saran on October 29, 2006

Grant Stanley, an elite torrent hacker, has just been sentenced to a total of ten months' imprisonment and a $3,000 fine for his role in creating EliteTorrents. EliteTorrents was a BitTorrent tracker site that was one of the most visited sites in the world. EliteTorrents did not actually contain the illegal copies of software, movies, music and games. Instead, the site provided trackers leading to these materials. He will be spending half of this time in prison and the other half in home detention, and then he will be on supervised release for the next three years. This is not the first BitTorrent-related conviction in the United States. Two months earlier Scott McCausland pleaded guilty to criminal copyright infringement related to EliteTorrents.

Crimes involving piracy and illegal distribution have prompted Microsoft to require a mandatory antipiracy check of their productivity software. This means that users must prove that the software applications are 100% genuine before gaining access to add-ons and updates from the software giant. Users who unknowingly received a counterfeit copy of Office may receive a complimentary copy of Microsoft Office after filling out a counterfeit report, providing proof of purchase, and sending in their counterfeit CDs.

The prosecution of such cybercrimes has gained momentum over the years, aided by increased cooperation between the police and the targeted victims. This week a Florida resident, John Bombard, was charged with establishing a bot network of compromised computers from which he launched a Denial of Service attack on servers managed by Akamai Technologies. If convicted, he will face up to two years’ imprisonment and a fine of several thousand dollars. Hopefully, increased vigilance from organizations will lead to a reduction in these crimes.

Tags: news, bittorrents, crime, conviction

Categories: News

Security Patches A Must

Written by Saran on October 11, 2006

Microsoft’s patch update for this month fell on Tuesday this week as they issued ten of the eleven scheduled security patches. These patches fix 26 security vulnerabilities, the largest number of flaws fixed with one patch update since they began their monthly patch cycle. Six of these patches are important; five of these fix critical vulnerabilities in the Windows shell and Office suites that hackers may exploit to remotely control your system. The last one is an update for the Windows Service that could allow a denial of service attack. An out-of-cycle patch was also released last month dealing with the VML exploit in the Internet Explorer web browser.

Since programs are constantly evolving to improve usability and performance, problems may arise over time as glitches in the source code are revealed. Installing these patches is essential for ensuring your computer system’s security. Not only do these patches fix any bugs that are known to attackers, they also fix any privately disclosed ones that security researchers have uncovered and reported to the software company. In the days after a patch is released, hackers will attempt to exploit these formerly undisclosed vulnerabilities on unpatched computers.

If you have the option to receive reminders for these patches for your system and applications, use it. Then check whether they’re stable before installing them. Of course, glitches can happen all the time. Users have reported delays in receiving patches from the Windows Update system, but they have been advised to manually download the patches from the download site.

Tags: Microsoft, security patches

Categories: IT Security Basics, Network Security, News

VoIP Going Mobile

Written by Saran on October 9, 2006

Several companies are attempting to apply Voice over Internet Protocol (VoIP) to mobile phones. T-Mobile announced that they are going to launch mobile Wi-Fi cellular hybrids by the end of the year. Once these phones detect a Wi-Fi connection they will automatically switch to it and connect calls through VoIP without interruptions.

The number of companies using VoIP technology to make calls is increasing, cutting down the cost of long-distance calls, but so far it’s been limited to office or home use. Cellular phone makers like Nokia have launched handsets such as the N80 Internet Edition, their latest product with mobile phone-based VoIP. The road to this conversion has not been smooth, however. Last month major VoIP company Skype announced that there will be delays in their plans to expand their services to mobile phones due to technical difficulties and the lack of compatible handsets. But it’s certainly only a matter of time before users get a wide variety of VoIP-related services on their mobiles.

VoIP may end up being cheaper than conventional mobile calls, but the same security concerns that plague VoIP will apply to this developing technology. There are still encryption issues for the data packets sent over the Internet, and the possibility of having calls eavesdropped on or even rerouted by attackers. The worst possibility would be a denial of service (DoS) attack that can degrade call quality or completely crash the end service. So far there have been no clear-cut solutions to these problems, and users must be aware that these security issues exist.

Tags: voip, mobile, security

Categories: News, Real-World Issues, Wireless Security

Tighter ISP laws for the US?

Written by Saran on September 23, 2006

A proposal for the suggested data retention law is already in the works and may now be extended to affect Web hosting sites and domain name registries. Last week US Attorney General Alberto Gonzales urged the Senate to pass the data retention law as an aid in combating online child pornography. He also stressed the need to expand current administrative subpoena powers and tighten money laundering laws to keep track of who is financing child pornography sites.

Such a law is meant to help combat crime and terrorist activity. The proposed law does not require the content of these communications to be preserved, only the logs of e-mail, Internet and phone activity and other identifying information useful for locating a customer. This data can only be accessed by court order, similar to cases involving physical searches.

Privacy and industry groups are opposed to the proposal, saying existing laws are sufficient for law enforcement. A 1996 federal law requires Internet providers to retain records for up to 90 days at the request of a government entity, while another law requires child pornography sightings to be reported. Civil liberties groups oppose this move, arguing that the information can be used for other purposes. ISPs are also pointing out the increased costs of storing this additional data. It is not clear just who will end up shouldering this cost.

The European Union had already passed a similar data retention law in 2005 requiring all telephone and Internet traffic to be stored for a period of six months up to two years.

Categories: News, Real-World Issues

Browser bugs on the rise

Written by Saran on September 21, 2006

Mozilla’s Firefox has the highest number of vulnerabilities at forty-seven, followed by Microsoft Internet Explorer’s thirty-eight. This is an increase from last year’s record of 17 and 25, respectively. Even Apple’s Safari doubled its vulnerabilities to twelve, but Opera’s bugs decreased from nine to seven. IE remains the most targeted web browser, accounting for 47% of all attacks. In second place (31%) are attacks exploiting the same vulnerabilities in multiple browsers, and Firefox placed third with 20 percent.

Despite the higher number of bugs, Mozilla ranks first in issuing patches, averaging only a day after public disclosure. Opera and Safari follow closely, while IE ranks last, averaging nine days per patch. As for operating system patches, Sun has the highest patch development time at 89 days, while Microsoft ties with Red Hat for the shortest at 13 days.

Seven out of every ten new vulnerabilities uncovered from January through June were bugs in Web applications, and four-fifths of these were easily exploitable. Most of the attacks targeted home users and small businesses.

Phishing has also increased, with the financial sector receiving the bulk of these attacks. Phishing targeting Internet service provider (ISP) accounts ranked second. The United States was both the source of most attacks and the target for most Denial of Service (DoS) attacks.

A copy of the report can be downloaded from Symantec.

Categories: News, Real-World Issues

Mobile phone data retention issues

Written by Saran on September 19, 2006

What happens to your old units when you buy the newest mobile phone units coming out every few months? Are you generous and give them away to a friend or relative? Or do you delete your data according to the manual and try to sell them online, earning some cash in the process? Maybe the last option appeals to you, but be warned that your erased data might not be as gone as you think.

Last month a company named Trust Digital bought ten phones from eBay and managed to recover data from all of them. The data ranged from personal information and bank account details to company communications. They recovered all this data because smart phones today use flash memory to store information, and it’s slow to erase information from them. Such flash memory is also used in music players and digital cameras. Only a zero-out reset of the device can ensure the total obliteration of data. The same issues can arise with people selling their laptops online. Software easily obtainable online can recover records of your online transactions, which can then lead to sensitive personal data.

It may seem difficult to make a profit from getting information from an old mobile phone or laptop, but seeing the rise in corporate data breaches from stolen mobile gadgets, it’s not improbable that someone would attempt to do so. The best tip in this situation is to contact your gadget manufacturer for detailed instructions on a complete data erasure. If your device has password protection, you can try to type your password incorrectly until you are notified that the action will erase all of your data.

Categories: News, Physical Security, Real-World Issues, Tips

You just might fall for it.

Written by Saran on September 13, 2006

My name is Danjuma Sule, one of the sons of major Gen Gumel Danjuma Sule, The late Nigeria’s former minister of mines and power in the regime of the late former Nigeria’s military Head of state, Gen Sanni Abacha. I am having a huge sum of money in the total sum of $18.6Million presently hidden in a safe place –

Sounds familiar? Maybe the words are different, but the contents are almost always the same. A complete stranger writes to you, and offers a large sum of money in the form of unclaimed foreign lottery winnings, a business investment, or a transfer of illegally-obtained funds. If at this point you express interest, they’d inform you they might need a little advance to handle transactions before you receive your money. Occasionally they will present official-looking documents and ask for your bank account information, as if guaranteeing you will receive the money – but you never do.

This type of advance fee scam is often called the Nigerian 419 scam, after the law it violates in that country. Though purporting to come from Nigeria, a number of these scammers now originate from Europe and America. They send thousands of e-mails hoping one or two might bite, and strange as it might sound, people do fall for these schemes.

At first it might not seem like this is an IT security issue, but the whole operation of these scammers relies on the Internet. They can create a new identity online with a few keystrokes, photos and addresses acquired off a search engine, and a free e-mail account. They’ve recently moved on to targeting online auctions and credit card fraud. Some have even begun searching for victims through popular dating services, but they cannot be traced unless they’re reported to the proper government offices. Statistics on this kind of crime are very unreliable due to the large number of cases that go unreported every year. A modest estimate has each scammer getting thousands of dollars per month. At this point you can use the technology on hand so you do not become a victim of these scams. Use search engines to verify if they are who they claim they are, familiarize yourself with their techniques, and always be vigilant.

Categories: News, Privacy & Anonymity, Real-World Issues

Privacy in social networks

Written by Saran on September 11, 2006

You’re probably taking part in one right now: you write about how your day was on an online journal, and check out how your friends are doing on theirs. You might have a profile on another site, sharing music or photos with friends and maybe complete strangers who’ve linked their profiles to yours, and if you’re feeling particularly romantic you might try online dating. Sites offering these services promote the creation of online social networks, where you keep in touch with old friends and make new ones with people who share your interests but whom you might never meet outside the web.

Sounds like a good thing, all in all. Except for the issues dealing with privacy.

Privacy. In its basic sense, it’s all about keeping private the things that you want to keep to yourself. It’s always important to safeguard your personal information, especially with people ready to use it for criminal acts against you. But it leads to a tricky situation when you’re dealing with social networking sites, where you might not be aware you’re giving this same information away. After all, popular sites like MySpace allow visitors not logged in to the site to visit profiles. And recently Facebook, a social networking site geared for college students, faced protests from its users when it announced the news feed feature. Users felt it was a breach of their privacy, going so far as to call it stalking, even if most of the information you can get from it was already readily available to their friends. Though the clamor has died down, and Facebook has added privacy settings, the users are now aware how much information Facebook can actually share.

It’s a fact that since Facebook is the one providing the services to connect users to each other, they can make changes in their privacy policy and how they give those services to the users. Users might not like these changes, but they must accept them, or shift to another service. Facebook, and other companies like it, should also take into account their users’ possible reactions to any perceived attack on their privacy if a situation like this arises again.

Categories: News, Privacy & Anonymity, Real-World Issues

IE VML vulnerability attacked

Written by Saran on September 1, 2006

Microsoft confirmed that there have been recent reports of attacks on Internet Explorer using a previously unknown flaw in its VML. VML stands for Vector Markup Language, and is used to display graphic information on the web. Malicious code of this type is called an exploit. As the name suggests, exploits are code and software created to take advantage of security vulnerabilities in programs and operating systems. They are often used to install malware onto an unsuspecting victim’s computer. This particular exploit allows the attacker to execute arbitrary code on the user’s system, installing a host of malware onto the system.

The attack was first reported by researchers at Sunbelt Software, Inc. on September 18, and is currently hosted on a handful of sites. But based on previous browser-oriented attacks it might not be long before legitimate sites are affected. This attack works on all versions of Windows running the IE 6 browser, including fully-patched machines. It is believed that an exploit kit called Web Attacker has been updated to include code to exploit this vulnerability. This exploit kit is sold underground and can be used to easily develop malware.

This is the second attack on an IE vulnerability following a long string of attacks on the company’s Office suites. The first occurred last week and involved a flaw in the handling of a multimedia component of the browser. Microsoft has issued a security advisory saying that a patch to handle this vulnerability is scheduled for release on October 10 or sooner depending on the severity of the problem. It’s been suggested that users can avoid this VML attack by disabling JavaScript in IE or by using alternative web browsers.

Categories: Malware, News, Spyware, Tips