NoName, http://suluationline.blogspot.com/ (RECC), Thu, 17 Jul 2008 01:02:14 +0000

Computers in my life
Sat, 17 Nov 2007 02:31:00 +0000 (updated 2007-11-25T17:30:20.233+08:00)
<span style="font-size:85%;">Fun, relaxation, money, friends: can you get all that with only one tool? The answer is yes. </span><br /><div style="text-align: justify;"><br /><span style="font-size:85%;">What is the name of that magical instrument? Technology's greatest invention: computers. They are sophisticated equipment that performs three main tasks: accept structured input, process it according to prescribed rules and produce a result as output. They come in a remarkable range of sizes and shapes, and have different abilities and applications. They can be a bunch of equipment with little or no use, or a powerful instrument if you know how to use it. They play a very important role in my life. In today's society, computers are necessary; they are used in all kinds of jobs.</span><br /><br /><span style="font-size:85%;">They are used in science fields like math and medicine, but they are also used in fields like mechanics. Imagine, even for someone who fixes cars a computer is necessary. Computers have a very respected place in our world today; new generations are using them for everything: to learn, to communicate, to do research, etc., and old generations have come to accept them as well, even though they always reject any changes. I really do not understand how computers can be so useful, and how?<br /><br />Oh! Well, computers are more than a simple tool; my life changed from the first moment they came into my life, in early 1995. They turned my mind around completely; it was like a perfect match. Since the first time I sat at one, I knew they would become an undeniable part of my life. It has been twelve years since then and my opinion remains the same. 
I have in fact discovered many more uses for them. Three of those uses are: a method of relaxation, a very practical tool for work, and a useful instrument that makes my life easier. </span></div><p style="text-align: justify;"><span style="font-size:85%;">First, computers are my best method of relaxation when my stress is at its maximum. They provide me with entertainment; for example, when I use a graphics program like Paintbrush/Photoshop etc. to create a design, music tools, videos and many more, which is definitely one of the best medicines for stress.<br /></span></p><p style="text-align: justify;"><span style="font-size:85%;">Second, computers are also a work tool for me; they allow me to develop my skills and earn money in different fields. For example, creating software, websites, applications etc., which are services that people often require, are ways to make money using a computer.</span></p><p style="text-align: justify;"><span style="font-size:85%;">Third, computers are very useful tools. They can make my life a lot easier and more economical. For example, I use them for communication purposes, through e-mail, chatting, forums etc. This communication technique also amplified my communication abilities because I can get connected to friends and relatives in other states and even in other countries really easily. Another really important point is that computers amplify my possibilities for research. They allow me to find a great deal of information in any field I want, computers, programming, web design or graphic design etc., with great accuracy or even simpler than that. As a last aspect, they save a lot of time.<br /></span></p><p style="text-align: justify;"><span style="font-size:85%;">Aren't they great? They help me a lot. Computers help me to relax, work and they help make my life easier. That is why I believe that they are technology's greatest invention. 
I know I put a lot of excitement in my words, but that is because, in addition to all the practical uses computers have, I love to work with them. When I am creating software or working on a new project, I can spend hours and hours in front of one of them and not feel anything but excitement.<br /></span></p><p style="text-align: justify;"><span style="font-size:85%;">Now computers substitute that world; I love so much to work with them, they make me feel alive, they are part of my spirit, and of my soul. It has been twelve years since I decided Computer Science/studies was going to be my major; it was long before high school, and I haven't and I won't ever change my mind. I have a great passion for computers, but I always keep in mind that we have a brain which will always be 10,000 times more powerful than any instrument created by humans, no matter how sophisticated it may look. </span></p>
http://suluationline.blogspot.com/2007/11/computers-in-my-life.html

How much can cyberterrorist get?
Mon, 12 Nov 2007 15:09:00 +0000 (updated 2007-11-12T23:11:50.656+08:00)
<div style="text-align: justify;">We don't want to talk about the possible punishment, jail time or fines someone doing "bad" things on the Internet can get; we want to show you how much cash a so-called "blackhat" can get. </div><div style="text-align: justify;"> </div><p style="text-align: justify;"> <a href="http://www.gdata.pl/portal/PL/content/view/50/53/" target="_blank">G DATA</a>, a company that makes software for securing PCs, just released a press note where they try to answer the question asked at the beginning. </p><div style="text-align: justify;"> </div><p style="text-align: justify;">From the survey they made, it's clear that a DDoS attack or advertising through spam is just a matter of a couple of hundred euro. The same goes for buying databases with e-mail addresses of potential customers. The "spam market" is very big; for example, you can have 20 million e-mails sent for as little as 350 euro. A "starting kit" - 5 million e-mail addresses and an application ready to help you configure your own servers for that - costs around 140 euro. </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> Another thing that comes in handy in the fight for customers is a DDoS attack. Here you will often get 10 minutes of it for free, just to show you how effective it can be; then you can decide how much of "their" time you actually want to buy. Prices for such a service range from 20 USD for an hour to 100 USD for a whole day. </p><div style="text-align: justify;"> </div><p style="text-align: justify;">Doing simple math: working for just 20 hours per month, on 20 orders, a spammer can send over 400 million messages and, without much effort, earn around 7000 euro. If that wasn't enough, you can get 10 million e-mail addresses for just 100 euro. The same goes for PayPal accounts, credit card numbers and Internet game accounts. </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> G DATA found that the most popular are World of Warcraft (a popular MMORPG) accounts, where prices are around 6 euro for one, and that's two times more than for credit card info. </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> Last but not least, vulnerabilities and trojans: this is the most lucrative way a cyberterrorist can "earn" cash. Prices often reach several hundred thousand euro. There are also auction sites for those, but most of these are kept secret so as not to give any idea to the vendor, so the buyer can use that fresh new exploit he bought longer and more effectively. </p>
http://suluationline.blogspot.com/2007/11/how-much-can-cyberterrorist-get.html

Tools vs. Talent
Thu, 16 Aug 2007 10:19:00 +0000 (updated 2007-08-16T18:21:06.614+08:00)
<div style="text-align: justify;">Today the security industry is more interesting than ever before, and people are into it for different reasons. Some of us are into it because of the endless opportunity to learn, some because that special knowledge can gain them fame, then there are people with malicious intentions, and finally there are people doing it for cash.<br /><br />While it's not our job to tell you who is bad and who is not, we often think about the future of this "business". Researching takes up time, and time is cash; it also requires knowledge and experience.<br /></div><p style="text-align: justify;"> But is talent, and as we called it before - special knowledge - really required in security? </p><div style="text-align: justify;"> </div><div style="text-align: justify;"> </div><div style="text-align: justify;"> </div><p style="text-align: justify;">Different people have different opinions, but you have to admit that searching for and exploiting bugs or flaws has become easier nowadays, much easier than it was a year or two ago. 
A researcher can now potentially choose from multiple applications that were crafted to help with that time-consuming job.<br /></p><div style="text-align: justify;"> </div><p style="text-align: justify;"> For example, during this year's Black Hat conference Mozilla presented a new tool allowing you to play with Firefox and other browsers, Jesse Ruderman published a <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=jsfunfuzz" target="_blank">JavaScript Fuzzer</a> doing a similar job, and we can't forget about applications like <a href="http://www.immunitysec.com/products-immdbg.shtml" target="_blank">Immunity Debugger</a> that - quoting from the project's website: </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> <em>"Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files...</em> </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> <em>*Cuts exploit development time by 50%<br />*Simple, understandable interfaces</em> </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> <em>*Connectivity to fuzzers and exploit development tools...</em> </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> <em>Don't forget there are many of such tools doing (some of the) job for you, not to mention tons of on-line guides and FAQ's in various topics in security..."</em> </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> So, is "hacking" really that hard? Is it really meant for geeks? Or is it becoming a chance to get cash, fame or whatever else with a few mouse clicks? </p><div style="text-align: justify;"> </div><p style="text-align: justify;"><br />Talent, anyway, is needed in hacking. And no tool can replace it. 
</p>
http://suluationline.blogspot.com/2007/08/tools-vs-talent.html

New elements in HTML 5
Mon, 13 Aug 2007 00:48:00 +0000 (updated 2007-08-13T12:08:35.597+08:00)
<div style="text-align: justify;"><span style="font-weight: bold;">Structure and semantics</span><br /><br /><blockquote>Hypertext Markup Language (HTML) 5 introduces new elements to HTML for the first time since the last millennium. New structural elements include <code>aside</code>, <code>figure</code>, and <code>section</code>. New inline elements include <code>time</code>, <code>meter</code>, and <code>progress</code>. New embedding elements include <code>video</code> and <code>audio</code>. New interactive elements include <code>details</code>, <code>datagrid</code>, and <code>command</code>.</blockquote> </div><p style="text-align: justify;"> Development of HTML stopped in 1999 with HTML 4. The World Wide Web Consortium (W3C) focused its efforts on changing the underlying syntax of HTML from Standard Generalized Markup Language (SGML) to Extensible Markup Language (XML), as well as completely new markup languages like Scalable Vector Graphics (SVG), XForms, and MathML. Browser vendors focused on browser features like tabs and Rich Site Summary (RSS) readers. 
Web designers started learning Cascading Style Sheets (CSS) and the JavaScript™ language to build their own applications on top of the existing frameworks using Asynchronous JavaScript + XML (Ajax). But HTML itself grew hardly at all in the next eight years. </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> Recently, the beast came back to life. Three major browser vendors—Apple, Opera, and the Mozilla Foundation—came together as the Web Hypertext Application Technology Working Group (WhatWG) to develop an updated and upgraded version of classic HTML. More recently, the W3C took note of these developments and started its own next-generation HTML effort with many of the same members. Eventually, the two efforts will likely be merged. Although many details remain to be argued over, the outlines of the next version of HTML are becoming clear. </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> This new version of HTML—usually called HTML 5, although it also goes under the name Web Applications 1.0—would be instantly recognizable to a Web designer frozen in ice in 1999 and thawed today. There are no namespaces or schemas. Elements don't have to be closed. Browsers are forgiving of errors. A <code>p</code> is still a <code>p</code>, and a <code>table</code> is still a <code>table</code>. </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> At the same time, this proverbial unfrozen caveman Web designer would encounter some new and confusing elements. Yes, old friends like <code>div</code> remain, but now HTML includes <code>section</code>, <code>header</code>, <code>footer</code>, and <code>nav</code> as well. <code>em</code>, <code>code</code>, and <code>strong</code> are still present, but so are <code>meter</code>, <code>time</code>, and <code>m</code>. <code>img</code> and <code>embed</code> continue to be used, but now there are <code>video</code> and <code>audio</code> too. 
However, closer inspection by the caveman designer would reveal that these elements aren't that different. Many of them might be things the designer needed back in 1999 but didn't have. All these new elements are easily learned by simple analogy with elements the designer already understands. In fact, they're a lot easier to learn than Ajax or CSS. </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> Finally, when the caveman fired up the 300MHz laptop running Windows 98 that was also frozen in 1999, they might be astonished to realize that the new pages display fine in Netscape 4 and Windows® Internet Explorer® 5. Sure, the browser wouldn't recognize or do anything with the new elements, but the page still displays, and the content is all there. </p><div style="text-align: justify;"> </div><p style="text-align: justify;">That's not a happy coincidence. HTML 5 was explicitly designed to degrade gracefully in browsers that don't support it. The reason is simple: We are all cave people. Browsers now have tabs, CSS, and XmlHttpRequest, but their HTML renderers are stuck in 1999. The Web can't move forward without accounting for the installed base. HTML 5 understands this. It offers real benefits to page authors today while promising even more to page readers tomorrow as browsers are slowly upgraded. With that in mind, let's look at what HTML 5 brings you. </p><div style="text-align: justify;"> </div><p style="text-align: justify; font-weight: bold;"><a name="N10106"><span class="atitle">Structure</span></a></p><div style="text-align: justify;"> </div><p style="text-align: justify;"> Even well-formed HTML pages are harder to process than they should be because of the lack of structure. You have to figure out where the section breaks go by analyzing header levels. Sidebars, footers, headers, navigation menus, main content sections, and individual stories are marked up by the catch-all <code>div</code> element. 
HTML 5 adds new elements to specifically identify each of these common constructs: </p><div style="text-align: justify;"> </div><ul style="text-align: justify;"><li> <code>section</code>: A part or chapter in a book, a section in a chapter, or essentially anything that has its own heading in HTML 4</li><li> <code>header</code>: The page header shown on the page; not the same as the <code>head</code> element</li><li> <code>footer</code>: The page footer where the fine print goes; the signature in an e-mail message</li><li> <code>nav</code>: A collection of links to other pages</li><li> <code>article</code>: An independent entry in a blog, magazine, compendium, and so forth</li></ul><div style="text-align: justify;">Source <a href="http://www.ibm.com/developerworks/library/x-html5/?ca=dgr-lnxw01NewHTML">IBM</a><br /></div>
http://suluationline.blogspot.com/2007/08/new-elements-in-html-5.html

Image attack on MySpace boosts phishing exposure
Thu, 21 Jun 2007 01:49:00 +0000 (updated 2007-06-21T10:02:20.253+08:00)
<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i140.photobucket.com/albums/r28/suluationline/personal/attackers_targeting.gif"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 120px; height: 99px;" src="http://i140.photobucket.com/albums/r28/suluationline/personal/attackers_targeting.gif" alt="" border="0" /></a>The number of page views garnered by fraudulent sites climbed by a factor of five in March and April, fueled by a phishing scheme targeting MySpace users.<div style="text-align: justify;"><span class="body"> <p> The attack used a modification to the style sheet of a user's profile to place a transparent image over the page, causing a click on 
a link -- or anywhere else on the page -- to redirect the visitor to a fake MySpace login page.</p> <p> The effectiveness of the attack and the increasing sophistication of the phishing pages, some of which were hosted on botnets and were near perfect duplications of MySpace's login page, meant that we needed to switch tactics to combat this new threat.</p> <p> Phishing -- using fake e-mail messages and Web pages dressed up with the brand names of trusted corporations -- has increasingly been used to trick victims into giving up their valuable information. An e-mail posing as a complaint from the Better Business Bureau has recently been targeting the executives at small- to medium-sized businesses in a scam designed to shake free usernames and passwords from key corporate personnel. While the current attack spreads virally through MySpace, actual viruses and worms have been created for the social networking site.</p> <p>While a MySpace account does not have any intrinsic monetary value, phishers had come up with ways to monetize this attack. We observed hijacked accounts being used to spread bulletin board spam for some advertising revenue.</p> <p> In mid-April, MySpace changed their server side code to disable bad links in users' profiles and the traffic to known phishing sites dropped down to its pre-March levels.</p><p>MySpace users/members, take note!!</p>;)<br /></span></div>
http://suluationline.blogspot.com/2007/06/image-attack-on-myspace-boosts-phishing.html

AMD set to launch PCIe 2.0 chipsets this year
Fri, 15 Jun 2007 08:20:00 +0000 (updated 2007-06-18T23:20:43.982+08:00)
<div style="text-align: justify;"><span style="font-weight: bold;">Four chipsets to support upcoming Phenom phenomenon</span><br /><br />THERE IS NO TURNING back now, AMD and ATI are integrated and the first complete wave of chipsets will arrive in the second half of this year. 
Dubbed Series 7, AMD's line-up consists of four chipsets.<br /><br />RD790 (790 CrossFire or 790X) is a high-end chipset, the features of which were already mentioned on these pages. It brings PCIe 2.0 support, and Quad Crossfire is also possible due to four supported PEG (PCI Express Graphics) connectors. With PCIe 2.0 bringing 150 Watts through the motherboard, even juice-hungry R600 will be able to work with a single 6-pin power cable.<br /><br />The second chipset is RX780 (780X), nothing else but a mainstream version of the above mentioned RD790, but without CrossFire support.<br /><br />Then, there are two models with integrated graphics, one of which is supporting DirectX 9, and another bringing HD2000 series into the integrated market - DirectX 10 compliant part.<br /><br />RS740 or 740G will support DX9 and is nothing more than a pumped up 690G, while RS780 (780G) is a base for AMD's Bulldozer platform (in mobile terms, RS780 chipset is called Puma), supporting UVD and DX10.<br /><br />These four chipsets will be paired with either SB600 or SB700 Southbridge chip, depending on release timeframe. RS740 and RX780 are arriving in third quarter of this year, while RD790 and RS780 will come in time for Yule.<br /><br /><br />Source: theinquirer<br /></div>
http://suluationline.blogspot.com/2007/06/amd-set-to-launch-pcie-20-chipsets-this.html

Global DSL subscriber count tops 200 million
Wed, 06 Jun 2007 06:26:00 +0000 (updated 2007-06-06T14:27:42.039+08:00)
<div style="text-align: justify;">More than 200 million people worldwide are connected to the Internet via a DSL connection, the DSL Forum announced today. 
43.4 million or more than 20% of all DSL subscribers are located in China.<br /><br />Second in the ranking is the U.S. with 27.5 million subscribers, followed by Germany with 15.7 million, France with 14.6 million and Japan with 14.3 million. <br /><br />According to the DSL Forum, DSL technology holds a 65% market share among broadband access technologies.<br /></div>
http://suluationline.blogspot.com/2007/06/global-dsl-subscriber-count-tops-200.html

Scientists convert processor heat back to electricity
Wed, 06 Jun 2007 06:17:00 +0000 (updated 2007-06-06T14:19:50.472+08:00)
<div style="text-align: justify;">Perhaps AMD and Intel should not have abandoned the Gigahertz-race and bunsen-burner processors after all: Scientists from the University of Utah today said that they can convert waste heat into sound and electricity.<br /><br />There soon may be a rather unusual method to cool down your overclocked rig: Physicist Orest Symko and his research team at the University of Utah said they succeeded in building small devices that turn heat into sound and then into electricity. 
The findings, which are part of a 5-year, $2 million project to develop “tiny thermo-acoustic refrigerators”, will be presented at the annual meeting of the Acoustical Society of America this Friday.<br /><br />According to Symko, most of the heat-to-electricity acoustic devices are housed in cylinder-shaped "resonators" that fit in the palm of a hand. Each cylinder, or resonator, contains a "stack" of material with a large surface area – such as metal or plastic plates, or fibers made of glass, cotton or steel wool – placed between a cold heat exchanger and a hot heat exchanger.<br /><br />When heat is injected, the heat builds to a threshold and moving air produces sound. The sound is then converted into electricity by using "piezoelectric" devices that are squeezed in response to pressure, including sound waves, and change that pressure into electrical current. Only about 20% of the sound energy is lost when pressure is converted to electricity, Symko said.<br /><br />So, how efficient is the conversion of waste heat into electricity overall? Symko said that the efficiency depends on its application and temperature differences – the higher the difference between a source heat and the temperature within the cylinder, the greater the efficiency. He believes the technology can be about 20 – 25% efficient initially, with greater efficiencies to be reached down the road, depending on the application. However, he told TG Daily that the technology could enable solar cells, which are up to 40% efficient in high-end applications and typically reach efficiencies of less than 20% in mass market products, to bump efficiencies to more than 50%.<br /><br />For microprocessors, the technology could be used as a supporting cooling technology: Ironically, the technology increases its efficiency with greater temperatures – the hotter a processor the more sense the energy conversion technology makes. 
<br /><br />An obvious concern of the technology would be noise: Symko said that the technology can produce very loud sounds “to impress people.” However, noise can be shielded and become a non-issue, he told us. The scientists are also working on ultrasonic devices that would eliminate any noise for the human ear.<br /><br />Symko plans to test the devices within a year to produce electricity from waste heat at a military radar facility and at the university’s hot-water-generating plant. Within two years, the physicist believes that the devices could be used as an alternative to solar cells for converting sunlight into electricity and as a new way to generate electricity from heat that now is released from nuclear power plant cooling towers.<br /><br />Of course, the cooling of server, desktop and laptop computers is another application for the technology: Symko told us that a thermo-acoustic cooling device for a computer could cost about $100 to $200, when it goes into production.</div>
http://suluationline.blogspot.com/2007/06/scientists-convert-processor-heat-back.html

Web development as an industry
Fri, 18 May 2007 09:05:00 +0000 (updated 2007-06-06T14:07:14.296+08:00)
<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://tbn0.google.com/images?q=tbn:ndP63ujhS9zHMM:http://www.dataflurry.com/images/webdesign.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 126px; height: 126px;" src="http://tbn0.google.com/images?q=tbn:ndP63ujhS9zHMM:http://www.dataflurry.com/images/webdesign.jpg" alt="" border="0" /></a>Since the mid-1990's, web development has been one of the fastest growing industries in the World. 
In 1995 there were fewer than 1,000 web development companies in the United States alone and in 2005 there are over 30,000 such companies.<br />The web development <a href="http://en.wikipedia.org/wiki/Industry" title="Industry">industry</a> is expected to grow over 20% by 2010. The growth of this industry is being pushed by large businesses wishing to sell products and services to their customers and to <a href="http://en.wikipedia.org/wiki/Automate" title="Automate">automate</a> business <a href="http://en.wikipedia.org/wiki/Workflow" title="Workflow">workflow</a>, as well as the growth of many small web design and development companies.<div> </div><p style="text-align: justify;">In addition, the cost of Web site development and hosting has dropped dramatically during this time. Instead of costing tens of thousands of dollars, as was the case for early websites, one can now develop a simple web site for less than a thousand dollars, depending on the complexity and amount of content. Smaller Web site development companies are now able to make web design accessible to both smaller companies and individuals, further fueling the growth of the web development industry. As far as web development tools and platforms are concerned, there are many systems available to the public free of charge to aid in development. 
A popular example is the <a href="http://en.wikipedia.org/wiki/LAMP_%28software_bundle%29" title="LAMP (software bundle)">LAMP</a> (<a href="http://en.wikipedia.org/wiki/Linux" title="Linux">Linux</a>, <a href="http://en.wikipedia.org/wiki/Apache_HTTP_Server" title="Apache HTTP Server">Apache</a>, <a href="http://en.wikipedia.org/wiki/MySQL" title="MySQL">MySQL</a>, <a href="http://en.wikipedia.org/wiki/PHP" title="PHP">PHP</a>), which is usually distributed free of charge. This fact alone has manifested into many people around the globe setting up new Web sites daily and thus contributing to increase in web development popularity. Another contributing factor has been the rise of easy to use <a href="http://en.wikipedia.org/wiki/WYSIWYG" title="WYSIWYG">WYSIWYG</a> web development software, most prominently <a href="http://en.wikipedia.org/wiki/Microsoft_FrontPage" title="Microsoft FrontPage">Microsoft FrontPage</a> or <a href="http://en.wikipedia.org/wiki/Adobe_Dreamweaver" title="Adobe Dreamweaver">Adobe Dreamweaver</a>. Using such software, virtually anyone can develop a Web page in a matter of minutes. Knowledge of HyperText Markup Language (<a href="http://en.wikipedia.org/wiki/HTML" title="HTML">HTML</a>), or other programming languages is not required.</p><div style="text-align: justify;"> </div><p style="text-align: justify;">The next generation of web development tools uses the strong growth in <a href="http://en.wikipedia.org/wiki/LAMP" title="LAMP">LAMP</a> and <a href="http://en.wikipedia.org/wiki/Microsoft_.NET" title="Microsoft .NET">Microsoft .NET</a> technologies to provide the Web as a way to run applications online. 
Web developers now help to deliver applications as Web services which were traditionally only available as applications on a desk based computer.</p><div style="text-align: justify;"> </div><p style="text-align: justify;">Instead of running executable <a href="http://en.wikipedia.org/wiki/Code" title="Code">code</a> on a local computer, users are interacting with online applications to create new content. This has created new methods in communication and allowed for many opportunities to decentralize information and media distribution. Users are now able to interact with applications from many locations, instead of being tied to a specific workstation for their application environment.</p><div style="text-align: justify;"> </div><p style="text-align: justify;">Examples of dramatic transformation in communication and commerce led by web development include e-commerce. Online auction sites such as <a href="http://en.wikipedia.org/wiki/EBay" title="EBay">eBay</a> have changed the way consumers consume and purchase goods and services. Online resellers such as <a href="http://en.wikipedia.org/wiki/Amazon.com" title="Amazon.com">Amazon.com</a> and <a href="http://en.wikipedia.org/wiki/Buy.com" title="Buy.com">Buy.com</a> (among many, many others) have transformed the shopping and bargain hunting experience for many consumers. Another good example of transformative communication led by web development is the <a href="http://en.wikipedia.org/wiki/Blog" title="Blog">blog</a>. Web applications such as <a href="http://en.wikipedia.org/wiki/WordPress" title="WordPress">WordPress</a> and <a href="http://en.wikipedia.org/wiki/B2evolution" title="B2evolution">b2evolution</a> have created easily implemented blog environments for individual Web sites. 
Open source content systems such as <a href="http://en.wikipedia.org/wiki/Typo3" title="Typo3">Typo3</a>, <a href="http://en.wikipedia.org/wiki/Xoops" title="Xoops">Xoops</a>, <a href="http://en.wikipedia.org/wiki/Joomla" title="Joomla">Joomla</a>, and <a href="http://en.wikipedia.org/wiki/Drupal" title="Drupal">Drupal</a> have extended web development into new modes of interaction and communication.<br /></p><div style="text-align: justify;"><br /></div>http://suluationline.blogspot.com/2007/05/web-development-as-industry.htmlnoreply@blogger.com (RECC)tag:blogger.com,1999:blog-27669970.post-9072760922639082259Mon, 07 May 2007 06:11:00 +00002007-06-06T13:56:04.570+08:00Some troubles that might happen with Linux and Mac<div style="text-align: justify;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.zone-h.org/images/stories/apr07/linux-apple.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 89px; height: 96px;" src="http://www.zone-h.org/images/stories/apr07/linux-apple.jpg" alt="" border="0" /></a>Beware, Linux and Mac users! Mac and open-source platforms may no longer be so secure against viruses, <a href="http://www.pcpro.co.uk/news/111202/mac-and-linux-viruses-to-rise-significantly.html/" target="_blank">PC Pro</a> reported on Tuesday.<br />Mr. Eugene Kaspersky claimed that there will be a significant rise in virus attacks on these platforms.<br /><br />The reason Mr. Kaspersky gives is that with the new Microsoft OS more users will move towards alternative platforms, making them a target for malware writers. "It's not so easy to find good anti-virus experts for non-Windows platforms" Mr.
Kaspersky stated.<br /><br />Open source presents more serious problems: "More people are watching open-source code, so they are more quick to find problems. If the people who make the fix are good guys, that's great, if they are bad guys, that's a problem".<br /><br />Other platforms are expected to be affected too: consoles and smartphones are also likely targets for attacks. Smartphones especially could be a target for phishing...<br /><br /></div><p style="text-align: justify;">Czech website Root.cz, one of the most popular Linux-dedicated websites in the Czech and Slovak republics, posted <a href="http://www.root.cz/clanky/maji-viry-na-linuxu-skutecne-zelenou/" target="_blank">a good overview of the aspects</a> that should not be overlooked when talking about viruses on Linux platforms. Petr Krcmar, chief editor of Root.cz, claims there:</p><p style="text-align: justify; color: rgb(255, 255, 0);">1. If a user is running old vulnerable applications on MS Windows or Linux or Mac OS, an attacker could succeed in putting his code onto the user’s computer.<br />It does not automatically follow that a user who is using Linux is safe.</p><p style="text-align: justify; color: rgb(255, 255, 0);">2. The number of Linux desktop users is not so high when compared to the number of MS Windows users. The situation is different in the server area but, as Mr. Krcmar stated, we haven't seen massive attacks against these systems.</p><p style="text-align: justify; color: rgb(255, 255, 0);">3. Linux users are in general more skilled than users of MS Windows.</p><p style="text-align: justify; color: rgb(255, 255, 0);">4. Users on MS Windows commonly work with administrator rights.<br />They are able to install software themselves, or something can be installed covertly with their privileges. Linux users are taught, from their “first steps”, not to use "root", because it could have a crucial impact on the system.
Of course, if malicious code is run as an ordinary user, it could cause a lot of damage to that user, but not to other users or to the system itself.</p><p style="text-align: justify; color: rgb(255, 255, 0);">5. Flaws in open-source environments are generally patched within one day, unlike in closed source.</p><p style="text-align: justify; color: rgb(255, 255, 0);">6. Linux-based systems can be updated as a whole, including all installed applications, unlike MS Windows, where you patch the system and Microsoft applications like MS Office, but a lot of other vendors' applications are left “not patched”.</p><p style="text-align: justify; color: rgb(255, 255, 0);">7. The Linux environment is more heterogeneous: there are many different Linux distributions, and this normally negative aspect now turns into a positive one because compatibility between different distributions is sometimes questionable. Some security holes in one distribution are not present in others at all.</p><p style="text-align: justify;">These are the most important factors affecting mass virus spreading. As Mr.
Krcmar stated in the end, there is a possibility that this situation will change, even if at present there is no need to be too concerned about it.</p><div style="text-align: justify;">But this doesn't mean we should not be careful.<br /><br /></div>http://suluationline.blogspot.com/2007/05/some-troubles-that-might-happen-with.htmlnoreply@blogger.com (RECC)tag:blogger.com,1999:blog-27669970.post-625127257673791474Thu, 19 Apr 2007 01:47:00 +00002007-06-06T14:02:01.344+08:00A Killer mobile phone virus spread panic in Kabul<p style="text-align: justify;">Fear is high in Kabul, and it is not only because of war and terrorism: citizens are deathly worried about a biological virus that can be transmitted by mobile phone, Reuters reported today.</p><div style="text-align: justify;"> </div><p style="text-align: justify;">Mobile phone users are fearful that a killer virus is spreading via mobile phone calls and, according to rumours, there have already been several deaths.</p><div style="text-align: justify;"> </div><p style="text-align: justify;">"Don't answer any strange number because it contains a virus that will kill you," said the shop-owner Mr. Ahmad Fawad.</p><div style="text-align: justify;"> </div><p style="text-align: justify;">Nobody knows how this news spread, but it rapidly reached every street and alley in Kabul, producing so much panic that the Afghan Government had to intervene and reassure the public. </p><p style="text-align: justify;">This story, which has all the characteristics of an urban legend, seems to come from Pakistan, and in two weeks it swiftly spread throughout a country that is still bearing the effects of a devastating war.
</p><p style="text-align: justify;">Officials from the Afghan Interior, Communications and Health ministries had to give a speech on television and appeal for calm, trying to convince people of the impossibility of such a story.</p><br />Fuh!..http://suluationline.blogspot.com/2007/04/killer-mobile-phone-virus-spread-panic.htmlnoreply@blogger.com (RECC)tag:blogger.com,1999:blog-27669970.post-5152374205248017226Wed, 04 Apr 2007 08:01:00 +00002007-04-04T16:03:03.665+08:00Download IE7 and get Grum-A<div style="text-align: justify;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.zone-h.org/images/stories/apr07/31454661-2-300-overview-1.gif"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 61px; height: 45px;" src="http://www.zone-h.org/images/stories/apr07/31454661-2-300-overview-1.gif" alt="" border="0" /></a><span>Experts at Sophos Labs warned about a widespread malicious attack which is perpetrated through an e-mail inviting users to download the beta for Internet Explorer 7.0.</span><span> </span></div><p style="text-align: justify;"><span>The e-mail, whose subject is "Internet Explorer 7 Downloads", claims to come from <a href="mailto:admin@microsoft.com">admin@microsoft.com</a> and displays an image which invites users to download beta 2 of Internet Explorer 7. </span></p><p style="text-align: justify;"><span>But actually, the message is fake and it contains a file called ie7.0.exe, infected by a virus known as <a href="http://www.sophos.com/security/analyses/w32gruma.html?_log_from=rss" target="_blank">Grum-A</a>, that infects executable files referenced by Run keys in the Windows Registry. </span><span style=";font-family:Arial;font-size:10;color:black;" ><br /><br /></span></p><div style="text-align: justify;"> </div><p style="text-align: justify;"><span>According to Sophos senior technology consultant Graham Cluley, "the problem is that to the casual observer the email looks genuine, and the image displayed looks near-identical to the imagery that Microsoft is using on its website to promote Internet Explorer 7.0.” </span> </p><p style="text-align: justify;"><span>But the file is not innocuous at all, since not only does it copy itself to \winlogon.exe to make changes to the Windows Registry, but it also edits the Hosts file, injecting a thread into system.dll, and attempts to patch the system files ntdll.dll and kernel32.dll, the magazine <a href="http://www.computerweekly.com/Articles/2007/03/30/222814/e-mail-worm-poses-as-microsoft-invitation.htm" target="_blank">Computer Weekly</a> reported.</span></p><p style="text-align: justify;"><span>Microsoft is one of the main targets for malware scams, and all e-mail users are warned to look out for messages with a subject line that reads "Internet Explorer 7 Downloads". </span></p><p style="text-align: justify;"><span>"There have been many occasions when virus writers have coded attacks that have presented themselves as communications from Microsoft.
Two years ago hackers directed internet users to a bogus website masquerading as Microsoft's update page," said Cluley</span><span>.</span></p><p style="text-align: justify;"><span>But in this specific case, there are elements that could make users “smell a rat”: </span></p><p style="text-align: justify;"><span>First of all, major companies usually do not ask web surfers to download software upgrades by e-mail. Then, the full version of IE7 <a href="http://www.zone-h.org/content/view/14158/98/" target="_blank">was released last October</a> and the upgrade is available on Microsoft's official web site, so there’s no need for the company to send similar e-mails. Yet there are off-guard users who do not care about or do not know such precautions… and they are the perfect prey for malicious attacks.</span></p><div style="text-align: justify;"><br /><br /></div>http://suluationline.blogspot.com/2007/04/experts-at-sophos-labs-warned-about.htmlnoreply@blogger.com (RECC)tag:blogger.com,1999:blog-27669970.post-7529213685027390676Sun, 25 Mar 2007 02:22:00 +00002007-03-28T08:29:04.223+08:00Pod Slurping..oh gosh!<div style="text-align: justify;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.zone-h.org/images/podslurp.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 123px; height: 70px;" src="http://www.zone-h.org/images/podslurp.jpg" alt="" border="0" /></a><span>Pod Slurping is a method of stealing information from a PC by downloading it onto iPods, USB flash drives, MP3 players, PDA drives and other devices with storage capabilities.<br /><br /></span></div><div style="text-align: justify;"> <span> </span> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>Improvements in wireless and mobile technology have made personal storage devices so powerful that they can store incredibly high volumes of files.
This characteristic represents a dangerous vulnerability for companies: when dealing with wireless security they basically focus on laptops or notebooks and hardly ever consider other perspectives.</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span><br /></span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"> </p><div style="text-align: justify;"><span>But in general, these devices are at risk only if they are used outside the workplace, and in spite of the increase in incidents of internal security breaches, the main concern is still about external threats only.<br /><br /></span> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>There’s nothing surprising in it: stealing data from inside a company is quite easy, especially using apparently “innocuous” personal storage devices: the simplest method of extracting and storing information.</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span><br /></span></p><div style="text-align: justify;"> <span> </span> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>Just think about iPods, which were originally designed to store huge amounts of music files but could actually be used to store any kind of data.</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span><br /></span></p><div style="text-align: justify;"> <span> </span> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>Companies have to face an ambivalent problem: on the one hand the need to provide their offices with modern forms of access to technology, on the other the risk that modern devices could pose a threat to data security.
The way out could be a tailored solution for each company, which should invest in a two-part plan where every technological innovation is paired with a specific security measure.</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span><br /></span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"> </p><div style="text-align: justify;"><span>It </span><span>is very difficult to regulate the use of personal storage devices in offices and it is almost impossible for a company to ban them from workplaces, but there are policies and measures that could be taken to raise the level of security a bit.<br /><br /></span><br /></div>http://suluationline.blogspot.com/2007/03/pod-slurpingoh-gosh.htmlnoreply@blogger.com (RECC)tag:blogger.com,1999:blog-27669970.post-6260223856615152782Thu, 22 Mar 2007 15:54:00 +00002007-03-28T08:29:25.416+08:00Credit cards for sale<div style="text-align: justify;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.zone-h.org/images/march07/creditc.bmp"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 111px; height: 79px;" src="http://www.zone-h.org/images/march07/creditc.bmp" alt="" border="0" /></a><span>Shopping by credit card could hold big surprises in your bank statement, not to mention additional costs such as bank rates… So what? </span> </div><p style="text-align: justify;"><span>According to an “enterprising” group of cyber-crooks, the solution could be to buy </span><span>fake US-based credit cards on the Internet for as little as one dollar, Agence France-Presse reported today.
</span></p><div style="text-align: justify;"><span>According to a report by Symantec, the activity of cyber fraudsters is growing day by day, specifically in "targeted malicious code for the purpose of stealing confidential information that can be used for financial gain."</span><span><span style="color: rgb(0, 0, 0);"> </span></span> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>"Cyber criminals continue to refine their attack methods in an attempt to remain undetected and to create global, cooperative networks to support the ongoing growth of criminal activity," the Internet Security Threat Report noted.</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span><br /></span></p><div style="text-align: justify;"> <span> </span> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>Through such networks (51% of which are located in the USA), cyber criminals sell stolen information, personal ID numbers, credit cards, e-mail address lists and other sensitive data.</span></p><div style="text-align: justify;"> <span> </span> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>Indeed, not only were credit cards sold for between 1 and 6 US dollars, but full sets of data for a fake identity, including a US bank account, credit card, date of birth and government-issued identification number, were also available </span><span>for between 14 and 18 dollars.</span></p><p style="text-align: justify;"> <span>Also available: online bank accounts with a 9,900-dollar balance for 300 US dollars; PayPal accounts for 10 to 500 US dollars and a list of 2,900 e-mail addresses for three US dollars.</span><span> </span></p><p style="text-align: justify;"><span>Most of these “particular items” come from phishing attacks or cyber attacks in which an attacker infected a number of computers to gain access to passwords and other sensitive
information.</span></p>http://suluationline.blogspot.com/2007/03/credit-cards-for-sale.htmlnoreply@blogger.com (RECC)tag:blogger.com,1999:blog-27669970.post-292891465418240121Thu, 22 Mar 2007 15:50:00 +00002007-03-28T08:29:40.173+08:00Jikto: the JavaScript-based threat<div style="text-align: justify;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.zone-h.org/images/march07/vmwcaa2ye6zca14k16icavpek37cakx6zf8cagf4tkacaov2dycca03050qcalgc542cae63g8bcayzj2unca5eq3xkcac9975fca6n0fmacapdq2ojca8bksp0cam88f21caip8pqqcawjxtnccali30i6.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 116px; height: 89px;" src="http://www.zone-h.org/images/march07/vmwcaa2ye6zca14k16icavpek37cakx6zf8cagf4tkacaov2dycca03050qcalgc542cae63g8bcayzj2unca5eq3xkcac9975fca6n0fmacapdq2ojca8bksp0cam88f21caip8pqqcawjxtnccali30i6.jpg" alt="" border="0" /></a><span>Do you know Jikto? It is a new tool written in JavaScript that cyber crooks could run on the PCs of unknowing users to make them carry out illegal activities without directly commandeering the systems.</span></div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"> </p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span style=";font-family:Arial;font-size:10;" >Jikto was created by Bill Hoffman, a researcher at Web security firm <a href="http://www.spidynamics.com/" target="_blank">SPI Dynamics</a>. </span><span>"This is going to drastically change the scope of evil things you can do with JavaScript," Hoffman said. </span></p><p style="text-align: justify;"><span>"Jikto turns any PC into my little drone.
Your PC will start attacking Web sites on my behalf, and you're going to give me all the results."</span><span> </span></p><p style="text-align: justify;"><span>The tool will be released later this week during the annual East Coast hacker convention <a href="http://shmoocon.org/" target="_blank">ShmooCon </a> </span><span> </span><span>in Washington D.C.</span><span> </span></p><p style="text-align: justify;"><span>Jikto is a Web application vulnerability scanner that, according to Mr. Hoffman, can be embedded into an attacker’s website or injected into trusted sites through cross-site scripting flaws. It can silently probe and audit any kind of web site, and then send the results to the attacker who set up the tool.</span><br /></p><div style="text-align: justify;"> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>Jikto and other similar tools could be used to detect holes in digital systems, and so facilitate cyber-criminals’ activity. The main difference between Jikto and previous tools is that it runs in a Web browser and distributes the bug-hunting task across multiple PCs, whereas the others were basically traditional PC applications.</span><br /></p><p style="text-align: justify;"><span></span><span>Moreover, according to the magazine <a href="http://news.com.com/Tool+turns+unknowing+surfers+into+hacking+help/2100-1002_3-6169034.html?tag=alert" target="_blank">C-Net</a>, “Jikto can hunt for various common security holes and can connect back to its controller for instructions on which Web sites to hit and what flaws to look for, Hoffman said. </span></p><p style="text-align: justify;"><span>For example, it could be programmed to scan major banking Web sites for SQL injection vulnerabilities. Such vulnerabilities could be serious and open databases to attack.”</span><span> </span></p><p style="text-align: justify;"><span>This tool is an example of how JavaScript could be used with malicious intentions.
Thanks to JavaScript, Jikto can run in most web browsers without any warning and without leaving any trace: web surfers hitting a web site with Jikto embedded might never realize what is going on, since the tool will run as long as the browser is open and silently disappear as soon as it is closed.</span><span> </span> </p><p style="text-align: justify;"><span>On the other hand, JavaScript-based tools are very slow compared to traditional vulnerability-scanning tools. Moreover, as Fyodor Vaskovich, creator of Nmap Security Scanner,</span><span> said: </span><span>"Hiding the attacker and distributing the scanning can be useful, but the reality is that attackers can generally scan pretty widely with impunity, or they just use a chain of proxies."</span><span> </span> </p><p style="text-align: justify;"><span>The scariest aspect of </span><span>Jikto and other JavaScript-based threats is that they do not act on the machine itself to compromise it, so antivirus software will not help in detecting them.</span><span> </span> </p><p style="text-align: justify;"><span>Jikto’s current version only crawls and detects vulnerabilities, but the next version, which could be presented this summer at the <a href="http://www.blackhat.com/" target="_blank">Black Hat security conference in Las Vegas</a>, will be designed to exploit vulnerabilities and extract data.</span></p>http://suluationline.blogspot.com/2007/03/jikto-javascript-based-threat.htmlnoreply@blogger.com (RECC)tag:blogger.com,1999:blog-27669970.post-5815933391799815523Thu, 22 Mar 2007 14:13:00 +00002007-03-28T08:30:00.138+08:00Photocopiers are a risk for ID Theft<div style="text-align: justify;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.zone-h.org/images/march07/photocopier.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 132px; height: 86px;" src="http://www.zone-h.org/images/march07/photocopier.jpg" alt="" border="0" /></a><span>Magazines,
institutions and independent web sites and blogs keep spreading this discomforting message: we are constantly at risk of identity theft. We are so used to new clever methods of cheating consumers that we should not be surprised about a further threat represented by photocopiers.</span></div><div style="text-align: justify;"> <span> </span> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>Specifically, digital copiers manufactured in the past five years have disk drives to reproduce documents, which are very similar to those used in computers. This means that those apparently innocuous machines can actually retain the data being scanned… and represent an effective instrument for data thieves.</span> </p><p style="text-align: justify;"><span>As reported by Associated Press, the real problem appears if the data on the copier's disk aren't protected with encryption or an overwrite mechanism: if someone with malicious motives gets access to the machine, industry experts say, sensitive information from original documents could get into the wrong hands.</span> </p><p style="text-align: justify;"><span>For example, in the USA at “tax time”, when millions of citizens </span><span>photocopy tax returns</span>, criminals could easily get confidential information from photocopiers: “Consumers and business owners will photocopy highly confidential tax forms containing Social Security numbers, employer identification numbers and other sensitive information in places outside the home, leaving them vulnerable to digital theft," Ed McLaughlin, president of <span>Sharp Document Solutions Company of America, declared.
Moreover, he added that even if some copier makers have started adding security features, there are still too many old copiers that could represent an open target.</span></p><p style="text-align: justify;"><span>According to a survey commissioned by the photocopier firm Sharp, </span><span>more than half of Americans did not know copiers carried this data security risk, and about 55% of them said they were going to make photocopies and printouts of their tax returns and related documents.</span></p><div style="text-align: justify;"><span>Most of these copies will be made at offices, libraries and copy shops: public places where it could be easy to get illegal access to data.</span> <span>Many big companies that are particularly careful about security measures have already included “photocopiers” in the list of holes to be fixed, but the major threat is for small companies and everyday consumers, who are less likely to be informed about<br /><br /></span><br /></div>http://suluationline.blogspot.com/2007/03/photocopiers-are-risk-for-id-theft.htmlnoreply@blogger.com (RECC)tag:blogger.com,1999:blog-27669970.post-1385335069884896087Sun, 18 Mar 2007 03:31:00 +00002007-03-28T08:30:18.351+08:00Looking for new employees? Fished!<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.zone-h.org/images/march07/resume.bmp"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 93px; height: 89px;" src="http://www.zone-h.org/images/march07/resume.bmp" alt="" border="0" /></a> The working world is more complicated every day, isn’t it? After the news about the potential introduction of Security Alert Tracking Systems for employees.
<p style="text-align: justify;"><span style=";font-family:Arial;font-size:10;" >According to <a href="http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=cybercrime_and_hacking&amp;amp;amp;articleId=9012978&taxonomyId=82&amp;intsrc=kc_top" target="_blank">ComputerWorld</a>, unknown attackers are launching targeted phishing scams from the job-search website CareerBuilder.com.</span></p><div> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>The alarm comes from a network manager who claims that the security system of his company was heavily attacked using phishing techniques that use the lure of phony online resumes.</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"> </p><p style="text-align: justify;"> <span> </span><span>The attacker usually approaches managers looking for new job applicants by sending e-mails in which he invites the recipients to visit a website to view a resume provided by link.</span></p><p style="text-align: justify;"><span>Now try to guess what happens to those who click on the link… Bingo! </span><span>The website tries to execute a backdoor Trojan to compromise the computer.</span><span> </span> </p><p style="text-align: justify;"><span>According to experts, the scam is very well conceived since the e-mail sent by the attacker is structured as a real job application: a cover letter “stating the wish to be considered for employment and claiming the firm hasn't responded to a fax of the resume so the applicant is posting it via a link to a Web site.” </span><span>The name of the applicant is obviously fake.</span> </p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>A good web filtering system should be enough to block the attack, but the first weapon to neutralize similar scams must be awareness.
</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"> </p><p style="text-align: justify;"><span>All job-related web sites could be involved in the scam; that’s why experts warned companies to be as careful as ever when looking for new employees through these media. </span></p><p style="text-align: justify;"><span>Anyway, recruiting web sites are the most common solution for job seekers, and it won’t be easy for companies to change the way they locate job candidates. Attention, carefulness and an excellent security system are the only solution. Will they be enough?</span></p>http://suluationline.blogspot.com/2007/03/looking-for-new-employees-fished.htmlnoreply@blogger.com (RECC)tag:blogger.com,1999:blog-27669970.post-689520655914644132Sun, 18 Mar 2007 03:27:00 +00002007-03-28T08:30:36.165+08:00How hard it is to keep a blog in China..<div style="text-align: justify;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.zone-h.org/images/flagch.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 97px; height: 76px;" src="http://www.zone-h.org/images/flagch.jpg" alt="" border="0" /></a><span>The Chinese government has recently approved a measure to intensify controls over blogs’ contents and authors.
The announcement comes straight from the country's chief censor and it was reported on Tuesday by the Beijing Morning Post.</span></div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span><br /></span></p><div style="text-align: justify;"> <span> </span> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>Such a decision was taken, according to Long Xinmin, director of China's General Administration of Press and Publication, to regulate the wide community of bloggers.</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"> </p><p style="text-align: justify;"><span>"We must recognize that in an era when the Internet is developing at a breakneck pace, government oversight and control measures and means are facing new tests," Long said, </span><span>immediately adding that no violation of citizens’ freedom of expression would be perpetrated.</span></p><div style="text-align: justify;"> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>The measure hasn’t been adopted yet, but Chinese bloggers expressed their scepticism about it: they are afraid of the consequences that further restrictions could have in a country whose censoring system is one of the most active and strict in the world.</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span><br /></span></p><div style="text-align: justify;"> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>Last year, for example, China's Ministry of Information Industry issued rules on Internet news content that analysts said were aimed at extending regulations governing licensed news outlets to blogs and Internet-only news sites.</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span><br /></span></p><div style="text-align: justify;"> <span> </span> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>According to Reuters’ statistics, by last
September, the number of blog sites in China reached 34 million, a 30-fold increase from four years before.</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span><br /></span></p><div style="text-align: justify;"> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>In China, keeping a blog is considered a form of liberation, a way to express what is commonly inexpressible in real life: government action is focused on preventing the publication of data, information and opinions that could in some way cause damage to people or the Government.</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span><br /></span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"> </p><div style="text-align: justify;"><span>"The publishing administration authorities have been paying attention to this new mode of Internet dissemination," Long said.<br /><br /></span><br /></div><p style="text-align: justify;"><br /></p><div style="text-align: justify;"><br /></div>http://suluationline.blogspot.com/2007/03/chinese-government-has-recently.htmlnoreply@blogger.com (RECC)tag:blogger.com,1999:blog-27669970.post-8232541127738858192Sun, 18 Mar 2007 03:22:00 +00002007-03-28T08:30:54.175+08:00New privacy measures at Google<div style="text-align: justify;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.zone-h.org/images/google.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 123px; height: 90px;" src="http://www.zone-h.org/images/google.jpg" alt="" border="0" /></a><br /></div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>A new privacy measure will soon be adopted by Google in order to make it more difficult to link online search requests with the people making them.</span></p><div style="text-align: justify;"> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>As reported by the agency
Associated Press, the initiative was taken by the Mountain View-based company in order to protect its millions of users, and it will be carried out by removing key pieces of identifying information from its system every 18 to 24 months.</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"> </p><div style="text-align: justify;"><span>This range is determined by a compendium summarizing laws from all over the world that dictate how long search engines are supposed to retain user information.</span><span> </span><span> </span><span>However, authorities will be allowed to demand to review personal information before it is deleted and to take legal action seeking to force the company to keep the data beyond the new time limits.</span> </div><p style="text-align: justify;">This is the first time that a major search engine has decided to specify how long data about users will be retained. </p><p style="text-align: justify;">The most noteworthy point is that this decision will lessen the chances for anybody (be it Google itself or a government agency) to trace the habits of Internet users and link a specific person to a series of chosen topics or websites. </p><p style="text-align: justify;">Under its new standards, Google will wipe out eight bits of the Internet protocol, or IP, address that identifies the origin of specific search requests. After the IP addresses are altered, the information will be linked to clusters consisting of 256 computers instead of just one.</p><p style="text-align: justify;">Google will also depersonalize computer "cookies".</p><p style="text-align: justify;">Google warned that deleting part of the information about users could cause some loss of efficiency, but it also says that any shortfall in the service will be offset by stronger protection of users’ privacy. 
Indeed, privacy experts also agree that Google’s initiative will be a milestone:</p><p style="text-align: justify;">"This is an extremely positive development," said Ari Schwartz, deputy director of the Center for Democracy and Technology. "It's the type of thing we have been advocating for a number of years."</p><p style="text-align: justify;">Unfortunately, in recent months Google has been in the spotlight because of a series of lawsuits involving the search engine and several major companies, specifically <a href="http://www.msnbc.msn.com/id/17592285/" target="_blank">concerning the violation of rights on videos</a>.</p><div style="text-align: justify;"><a name="comment_form"></a></div>
http://suluationline.blogspot.com/2007/03/new-privacy-measures-at-google.html
noreply@blogger.com (RECC)
tag:blogger.com,1999:blog-27669970.post-8143571797036849747
Tue, 13 Mar 2007 04:06:00 +0000
2007-03-28T08:31:31.413+08:00
It’s time to check you: a Security Alert Tracking System for workers
<div style="text-align: justify;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.zone-h.org/images/march07/watch.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 84px; height: 135px;" src="http://www.zone-h.org/images/march07/watch.jpg" alt="" border="0" /></a><span>It looks like a watch, but actually it does not tell you what time it is.</span> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"> </p><div style="text-align: justify;"> </div><div style="text-align: justify;"> </div><p style="text-align: justify;"> <span>The newest device for employee monitoring will be shown </span><span>at the ISC West EXPO, in Las Vegas, March 28-30, 2007 and it will be presented as an </span><span> </span><span>“</span><span>employee security and safety tracking system”.</span> </p><div style="text-align: justify;"> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"> <span>The operation of such a 
device is based on the principle that a person’s heart rate varies considerably in stressful situations (for example, while committing an illegal act or when facing harassment or threats).</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span><br /></span> </p><div style="text-align: justify;"> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"> </p><div style="text-align: justify;"> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"> <span>The companies <a href="http://www.3eyeinc.com/" target="_blank">Third Eye Inc</a>. and <a href="http://www.spomedical.com/" target="_blank">SPO Medical</a> used this technology to create a system that monitors the pulse of the person who wears it, such as an employee, and transmits the data to a central system that processes it and produces a detailed report about the condition and activities of the worker.</span> </p><div style="text-align: justify;"> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"> </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> <span>As reported by <a href="http://www.gizmag.com/go/6961/" target="_blank">Gizmag</a>, “The system revolves around a bio-sensor chip with proprietary algorithms that collects information from the reflectance of light on the human body, in a non-invasive manner, to monitor key vital signs, including heart rate and oxygen saturation levels.”</span></p><p style="text-align: justify;"><span> <span>Any information captured by the wrist unit is wirelessly transmitted to </span><span>the employer’s central monitoring system, which can be configured with a video surveillance system to trigger cameras to zoom in on the employee</span><span>.</span></span> </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> <span>The system is very easy and “comfortable” to use, since it can be worn as a bracelet. 
Moreover, a watch </span><span>unit may be inserted in it. </span> </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> <span>This device was named Security Alert Tracking System (SATS) and, according to Third Eye, “</span><span>Used in a casino, bank, office or store, SATS can enhance employee security at the company and can assist in apprehending employees engaged in unlawful activities.”</span><span> </span> </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> <span>Just a few questions: will this system be legal? Will employees be warned that their heart rate is monitored? Will they be in a position to choose whether to wear the SATS or not?</span></p><p style="text-align: justify;"> </p>
http://suluationline.blogspot.com/2007/03/its-time-to-check-you-security-alert.html
noreply@blogger.com (RECC)
tag:blogger.com,1999:blog-27669970.post-6519206436995503611
Sat, 10 Mar 2007 04:49:00 +0000
2007-03-28T08:31:49.205+08:00
Vladuz: Romanian storm over eBay
<div style="text-align: justify;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.zone-h.org/images/march07/thunder.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 90px; height: 117px;" src="http://www.zone-h.org/images/march07/thunder.jpg" alt="" border="0" /></a>There’s a danger threatening eBay: it is known as Vladuz and it apparently comes from Romania. The threat is a cracker. </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal">Over two months ago, the attacker known by the handle Vladuz hacked eBay’s employee servers. From that moment on he has been continuously targeting eBay and mocking its security systems.</p><p style="text-align: justify;"> As reported by The Register, several attacks can be linked to Vladuz, who as recently as the end of last month carried out two attacks against the popular online auction website. 
</p><p style="text-align: justify;"><span>Vladuz's way of demonstrating that the attack had taken place was to post notes on the customer service bulletin board using the same bold pink background used by eBay employees: in response to a post where eBay spokesman Hani Durzy declared that Vladuz hadn’t entered eBay’s internal systems, the attacker wrote: “Durzy … lies all the time.” </span><span>And he went on, answering a complaint about late replies: “I was very busy. Being hunted by eBay doesn’t leave you much free time.”</span></p><div style="text-align: justify;"><span></span> <span>Although, according to the company’s representatives, the attacks did not affect the network where crucial customer data is kept, their severity and frequency required immediate counteraction by eBay, which turned to no less than the FBI to pursue the attacker. The enquiry leads to Romania, where Vladuz is thought to come from.</span> </div><p style="text-align: justify;"><span>eBay spokeswoman Catherine England would not attach too much importance to this attacker, who is just one </span><span>among hundreds of phishers who try to hack the company every day.</span></p><p style="text-align: justify;"><span>The real problem is not any single attack perpetrated by Vladuz, but the number of fraudulent auctions that seem to accompany his activities. Indeed, since the end of January there has been a hike in the number of auctions being offered, and then removed, from hour to hour. Vladuz and his clients are suspected of being responsible for these postings.</span></p><p style="text-align: justify;"><span>According to eBay statistics there is a noticeable difference between auction trends BEFORE and AFTER Vladuz emerged. 
This volatility is thought to be attributable to a sort of “cat-and-mouse game” between fraudsters and eBay's security team: as soon as the eBay team removes the fraudulent offerings, someone puts them up again.</span></p><p style="text-align: justify;"><span>In the past eBay used to blame users’ carelessness for the hijacking of trusted accounts, but now it has found evidence of the involvement of Vladuz & Co. in many of these cases.</span><span> </span> </p><p style="text-align: justify;"><span>Vladuz also claims to be the author of many tools and software, such as a </span><span>Firefox extension</span><span> that he says automatically enters </span><span>captcha</span><span> image verification codes when making certain eBay transactions.</span></p>
http://suluationline.blogspot.com/2007/03/vladuz-romanian-storm-over-ebay.html
noreply@blogger.com (RECC)
tag:blogger.com,1999:blog-27669970.post-9173406918472212808
Thu, 08 Mar 2007 04:53:00 +0000
2007-03-28T08:32:10.527+08:00
Ban on Internet Cafés in China
<div style="text-align: justify;"><span style="font-size:100%;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.zone-h.org/images/march07/jobscareers_coffee.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 100px; height: 80px;" src="http://www.zone-h.org/images/march07/jobscareers_coffee.jpg" alt="" border="0" /></a><span>Beijing</span><span> government has just banned the opening of new Internet Cafés in 2007, Reuters news service reported today. 
Chinese authorities declared that the decision was due to their concern about the increase in cases of Internet addiction and juvenile crime linked to web activities.</span></span></div><p style="text-align: justify;"><span style="font-size:100%;"> <span style=";font-family:Arial;font-size:10;" >Indeed, China has registered an alarming rise in the number of teenage and young adult Internet addicts: for example, a case of deadly Internet devotion dates back to last week, when a 26-year-old man died after a <span style="color:black;">"marathon" online gaming session<span>.</span></span></span></span></p><p style="text-align: justify;"><span style="font-size:100%;"><span style=";font-family:Arial;font-size:10;" ><span style="color:black;"></span></span></span></p><div style="text-align: justify;"> </div><p style="text-align: justify;"><span style="font-size:100%;"><span>And just last month <span style="font-weight: bold;">8 young Internet geeks</span> were arrested for </span><span>producing and disseminating a severe computer virus.</span><span> </span></span></p><p style="text-align: justify;"><span style="font-size:100%;"><span>The worry about the influence of Internet Cafés on teens, however, isn’t connected just with cyber crime since, according to Chinese deputy </span><span>Yu Wen, </span> "It is common to see students from primary and middle schools lingering in Internet bars overnight, puffing on cigarettes and engrossed in online games."<span> </span></span></p><p style="text-align: justify;"><span style="font-size:100%;"><span>Beijing</span><span> has already adopted some countermeasures, such as </span><span>restricting minors from cyber cafes and limiting online game playing times, but these initiatives do not seem to have worked properly…</span><span> </span></span></p><p style="text-align: justify;"><span style="font-size:100%;"><span>"In 2007, local governments must not sanction the opening of new Internet bars," Xinhua news agency quoted a 
directive jointly released by 14 government departments, including the Ministry of Culture, as saying.</span></span></p><p style="text-align: justify;"><span style="font-size:100%;"><span>The notice said Internet cafés that had received planning approval would need to be completed by 30 June 2007.</span></span></p>
http://suluationline.blogspot.com/2007/03/ban-on-internet-cafs-in-china.html
noreply@blogger.com (RECC)
tag:blogger.com,1999:blog-27669970.post-2517247264658844321
Tue, 06 Mar 2007 03:06:00 +0000
2007-03-28T08:32:27.416+08:00
Digital worms through USB ports.
<div style="text-align: justify;"><span style="font-size:100%;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.zone-h.org/images/march07/801.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 83px; height: 126px;" src="http://www.zone-h.org/images/march07/801.jpg" alt="" border="0" /></a></span><span style="font-size:100%;">During the last two weeks, security experts have recorded several incidents caused by a worm with Trojan capabilities that is infecting both enterprise systems and home computers.<br /><br /></span></div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span style="font-size:100%;">The worm was named “Win32.Agent.wj” and works by copying itself to the root folder of USB flash drives, MP3 players and other removable storage devices attached to the computer. The worm then creates an ‘autorun.inf’ configuration file, which causes the malicious code to run when the infected drive is inserted into another computer. </span></p><div style="text-align: justify;"> <span style="font-size:100%;"> </span><span style="font-size:100%;">Every time an infected computer is started, the worm is also run automatically and a text in Chinese is displayed on the desktop for some time. 
</span><span style="font-size:100%;">The worm conceals itself with the help of the Windows "SetFileAttributes" function and tries to evade detection.<br /><br /></span><span style="font-size:100%;"> </span> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span style=";font-family:Arial;font-size:100%;" ><span style="color: rgb(0, 0, 0);">The main purpose of malware writers is to infect as many computers as possible, but this specific worm seems to be affecting “Enterprises particularly just as one and all have suddenly woken up to the exceptional convenience and easy portability that thumb drives offer. And no wonder it provides an equally easy mode of malware proliferation for Virus writers as well,” declared Govind Rammurthy, CEO of MicroWorld Technologies – the company that first detected the worm.</span></span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span style=";font-family:Arial;font-size:100%;" ><span style="color: rgb(0, 0, 0);"><br /></span></span></p><div style="text-align: justify;"> <span style="font-size:100%;"><span style="color: rgb(102, 102, 102);"> </span></span> </div><p style="margin: 0pt 0pt 10pt; text-align: justify;" class="cgray1"><span style="color: rgb(0, 0, 0);font-size:100%;" >Win32.Agent.wj belongs to the same family as USBToy.A, a worm that infected several computers last October</span><span style="color: rgb(0, 0, 0);font-size:100%;" >. USBToy.A also spreads itself through USB ports and, once it is run, it also shows a message in Chinese.</span></p><div style="text-align: justify;"> <span style="color: rgb(0, 0, 0);font-size:100%;" >As demonstrated in tests and in everyday experience, USB flash drives really do represent a risk to any security system, since on the one hand they could allow information to be stolen without leaving a trace, and on the other they could be a vehicle for the spreading of worms and viruses.<br /><br 
/></span></div>
http://suluationline.blogspot.com/2007/03/digital-worms-through-usb-ports.html
noreply@blogger.com (RECC)
tag:blogger.com,1999:blog-27669970.post-4603628144532209985
Sat, 03 Mar 2007 06:34:00 +0000
2007-03-28T08:32:43.418+08:00
Anti-hacking tips for home-based online business.
<h2 style="text-align: justify;"><span style="font-size:85%;">Don't ignore operating system updates</span></h2><div style="text-align: justify;"> </div><p style="text-align: justify;">Practically every day, some new security flaw is found in the most critical aspect of your business - the operating system on which all your other software runs. While it's a major pain in the butt to apply updates and patches so regularly, especially if you access the web via dialup, it's nonetheless of vital importance not to put off performing these tasks as part of regular maintenance.</p><div style="text-align: justify;"> </div><p style="text-align: justify;">Don't wait to be alerted via mainstream media of problems that have been discovered - more often than not, these notifications will be delayed. As a part of your daily routine, it's wise to visit the software vendors' site and keep abreast of any critical security updates. In the case of Microsoft, you'll need to go to the Windows Update site.</p><div style="text-align: justify;"> </div><h2 style="text-align: justify;"><span style="font-size:85%;">Anti-virus software used *properly*</span></h2><div style="text-align: justify;"> </div><p style="text-align: justify;"> Install anti-virus software and ensure that it's regularly updated - this is of the utmost importance. Many times I have come across people who believe that because an anti-virus program is installed, they are protected, yet the last time the virus data file was updated was months or even years ago. 
Even missing one update could bring down your computer and the business you have struggled so long to build.<br /><br />Also remember to password protect the settings on the software so no-one else can alter protection levels. </p><div style="text-align: justify;"> </div><h2 style="text-align: justify;"><span style="font-size:85%;">Firewall software</span></h2><div style="text-align: justify;"> </div><p style="text-align: justify;">Anti-virus software isn't enough - it's also a good idea to install firewall software which will help prevent unauthorized incoming and outgoing communications from your computer while connected to the Internet. In most instances you wouldn't even be aware that these illegitimate probes and scans of your systems are occurring. Port scanning is *very* common and is carried out with a view to finding weaknesses in your system that can then be exploited. </p><div style="text-align: justify;"> </div><p style="text-align: justify;">If you are using Windows XP, then you're in luck as there's already an effective firewall included - but it's not enabled by default.</p><div style="text-align: justify;"> </div><p style="text-align: justify;">To activate the firewall in Windows XP:</p><div style="text-align: justify;"> </div><p style="text-align: justify;">- Go to "Start"<br />- Go to "Settings", then "Network connections"<br />- Select your Internet connection<br />- Click on "Properties"<br />- Click on "Advanced"<br />- Check the box in the "Internet Connection Firewall" section</p><div style="text-align: justify;"> </div><h2 style="text-align: justify;"><span style="font-size:85%;">Email software preview windows</span></h2><div style="text-align: justify;"> </div><p style="text-align: justify;"> Some viruses, called worms, can infect your system without you clicking on attachments - they can execute in the message preview window. Many worms can cause your sensitive information and documents to be transmitted to millions of people. 
While the preview window is a handy feature, it's safest to turn it off.</p><div style="text-align: justify;"> </div><p style="text-align: justify;">To turn off the preview window in Outlook Express:</p><div style="text-align: justify;"> </div><p style="text-align: justify;">- Select "View" on the Menu Bar<br />- Select "Layout"<br />- Uncheck "Show Preview Pane" </p><div style="text-align: justify;"> </div><p style="text-align: justify;">To turn off the preview window in Outlook:</p><div style="text-align: justify;"> </div><p style="text-align: justify;">- Select "View" on the Menu Bar<br />- Select "Preview Pane" if it's not already greyed out<br />- You may need to repeat this for each top level mail folder</p><div style="text-align: justify;"> </div><h2 style="text-align: justify;"><span style="font-size:85%;">Consider email filtering services</span></h2><div style="text-align: justify;"> </div><p style="text-align: justify;">More and more people are turning to 3rd party solutions for filtering email of spam and viruses as their inboxes become inundated with junk. Email filtering can be very effective in dramatically reducing security risks before the mail even has a chance to be collected by your email software. It not only reduces the risk, but also the amount of time and bandwidth used in retrieving your mail.<br /></p><div style="text-align: justify;"> </div><h2 style="text-align: justify;"><span style="font-size:85%;">Regularly remove spyware</span></h2><div style="text-align: justify;"> </div><p style="text-align: justify;">If you and your family do a lot of surfing and downloading of shareware software, then it's likely you'll also accumulate your fair share of spyware. Spyware is a broad term applied to software applications that monitor your actions and report them back to a company. 
</p><div style="text-align: justify;"> </div><p style="text-align: justify;">Some software companies use spyware that is incorporated into their software products to gather data about customers, which is often sold to other companies. An excellent free application for removing spyware can be downloaded from Spybot.</p><div style="text-align: justify;"> </div><h2 style="text-align: justify;"><span style="font-size:85%;">Not using it? - unplug it..</span></h2><div style="text-align: justify;"> </div><p style="text-align: justify;">Disconnect your computer from the Internet when not in use. The longer you are connected to the Internet, the more opportunity you give for persons to gain unauthorized access. This is especially the case where your ISP provides you with a static IP, which usually occurs in broadband scenarios.</p><div style="text-align: justify;"> </div><h2 style="text-align: justify;"><span style="font-size:85%;">Audit your computer regularly</span></h2><div style="text-align: justify;"> </div><p style="text-align: justify;">If your computer is used by others, carry out regular audits of the software on it and research any software that you discover that you haven't installed yourself. It's safest to make it a policy not to allow any software to be installed without your permission. Spybot again is a very effective tool for detecting and removing software that may be a security risk.</p><div style="text-align: justify;"> </div><p style="text-align: justify;">Remember that your anti-virus software, firewalls and email filtering services should always be considered your last line of defense against software nasties - the first line of defense should be you.</p><div style="text-align: justify;"> </div><h2 style="text-align: justify;"><span style="font-size:85%;">Kids *aren't* all computer whizzes</span></h2><div style="text-align: justify;"> </div><p style="text-align: justify;">Monitor your children's computer usage carefully. 
They may seem to be "experts", but more often than not they will have very little idea of the ramifications of some of their actions whilst on the Internet. Close supervision is especially necessary in chat rooms as these are places where Script Kiddies and other undesirable elements of the online community are very active.</p><div style="text-align: justify;"> </div><h2 style="text-align: justify;"><span style="font-size:85%;">Password issues</span></h2><div style="text-align: justify;"> </div><p style="text-align: justify;">If you must store usernames and passwords on your system, ensure they are contained in a document that is password protected. It is safest not to store any passwords on your computer. Don't let Windows "remember" passwords for you. Passwords should always be more than 8 characters long and contain a mixture of numbers and letters.</p><div style="text-align: justify;"> </div><h2 style="text-align: justify;"><span style="font-size:85%;">Logging out</span></h2><div style="text-align: justify;"> </div><p style="text-align: justify;"> Ensure that you log out of online services properly. Failure to do so can allow others who use your computer to gain access to those services and you can be blamed for their activities.<br /><br />The fight against viruses, script kiddies and other online parasites isn't getting any easier for those of us involved with ecommerce; and as the years go by, more and more of our time and money will be spent on dealing with the darker side of the web.</p><div style="text-align: justify;"> </div><p style="text-align: justify;">We can only hope that in the future detection methods become so efficient and punishment becomes so harsh that these kinds of incidents stop occurring. 
But if the history of our species is any indicator - that's highly unlikely to happen.</p>
http://suluationline.blogspot.com/2007/03/blog-post.html
noreply@blogger.com (RECC)
tag:blogger.com,1999:blog-27669970.post-2080488810609352818
Thu, 01 Mar 2007 03:04:00 +0000
2007-03-28T08:32:58.629+08:00
Online dating cracker not jailed
<div style="text-align: justify;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.zone-h.org/images/feb06/love_mouse_240.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 87px; height: 89px;" src="http://www.zone-h.org/images/feb06/love_mouse_240.jpg" alt="" border="0" /></a><br /></div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>The story we are dealing with is not a pure “hacking case”, but it is interesting to consider how certain computer skills can be used to exact “personal justice” in our petty disputes and, literally, where they could lead…</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span></span> <span><br /></span></p><div style="text-align: justify;"> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>Frustrated lovers! Rejected suitors! Deceived “neckers”! Now it's your turn to take digital revenge: i</span><span>f you have got a computer, basic “hacking skills” and you are ready to spend some years in the army, you can get even with inconstant, cruel girls - and also keep your record clean.</span> </p><p style="text-align: justify;"><span>This is more or less what happened to Michael Valentine, 29, a former Long Island police officer who avoided jail time for hacking into his ex-girlfriend's online dating account and setting up dates for her with men she didn't know.</span> <span><br /></span></p><div style="text-align: justify;"> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>Mr. 
Valentine set up his revenge by illegally getting the password of the girl’s Match.com account. Using the stolen password he logged into the web site's online dating area, and using the girl’s identity he arranged dates with over 70 men, most of whom showed up at her house.</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span></span> <span><br /></span></p><div style="text-align: justify;"> </div><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>Last April, prosecutors charged Mr. Valentine with 197 counts, including stalking, computer tampering and harassment: heavy charges that would have brought at least three years in prison. But instead of jailing him, the judges agreed to suspend the sentence because Valentine expressed his decision to join the military.</span></p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"> </p><p style="margin: 0pt; text-align: justify;" class="MsoNormal"><span>Having exchanged prison for the army, he will be obliged to enlist within nine months; otherwise he will be immediately jailed.</span><span> </span></p><p style="text-align: justify;"><span>Just one question: is a girl worth it?</span></p>
http://suluationline.blogspot.com/2007/03/online-dating-cracker-not-jailed.html
noreply@blogger.com (RECC)