Wed, 2 Jun 10
Facebook users warned of 'likejacking' scam
Washington (AFP) June 1, 2010 - Internet security firm Sophos has warned Facebook users to be on the alert for a scam which sends a spam message to all of their friends on the social network.
Sophos, in a pair of blog posts late Monday, said "hundreds of thousands" of Facebook users have fallen for the scam which it dubbed "likejacking."
It said some Facebook users had received a message such as "This man takes a picture of himself EVERYDAY for 8 YEARS!!" and were encouraged to click on a link.
Sophos said clicking on the link takes a Facebook user to what appears to be a blank page with a "Click here to continue" message.
Sophos said clicking on the page publishes the original message on their own Facebook page with a "like" notation and recommends it to all of their Facebook friends.
"This of course posts a message to your newsfeed, your friends see it and click on it, and so it spreads," Sophos said.
Sophos warned last week about a Facebook scam designed to trick users into installing adware, a software package that automatically plays, displays or downloads advertisements to their computer.
That followed a similar scam that spread on Facebook the week before involving a fake posting tagged as the "sexiest video ever," according to Sophos.
Wed, 2 Jun 10
Addressing The Critical Need For Emerging Technologies In Cybersecurity
Los Angeles CA (SPX) May 28, 2010 - Dr. Robert Brammer, Northrop Grumman Information Systems Sector vice president and chief technology officer, led a panel calling for increased collaboration in cybersecurity research addressing a critical and immediate national need at the Annual Armed Forces Communications and Electronics Association (AFCEA) STRATCOM Cyberspace Symposium.
Other panel participants included members of the Northrop Grumman Cybersecurity Research Consortium, Dr. Tom Knight, the Massachusetts Institute of Technology (MIT) and Dr. Eugene Spafford, Purdue University. Also participating in the panel was Dr. Michael Van Putte, DARPA.
During the panel discussion, the participants addressed the urgent national need for increased cybersecurity research and development for emerging technologies in these areas. The participants also discussed the programs currently in progress to help address this need.
"We see some promising emerging technologies in many of the areas that our Cybersecurity Research Consortium is addressing," said Brammer. "Substantial work by the government, industry, and academia is needed to realize the potential of these technologies for large-scale implementations that will have national impact."
Northrop Grumman established the Cybersecurity Research Consortium in 2009 to help develop leap-ahead technologies in the cybersecurity field. The consortium includes Carnegie Mellon University, MIT, and Purdue. The research conducted through the consortium spans many areas of cybersecurity, defined as protection of information and information systems on networks.
These areas include hardware and software security, privacy, simulation of cyber attacks and defenses, protection of critical national infrastructures, and others. Currently, the consortium is involved in 10 projects at the member universities with complementary research projects at Northrop Grumman.
The Cybersecurity Research Consortium is just one of the initiatives that Northrop Grumman is taking to help develop advances in cyber technology. Earlier this month, the company announced that it would be the presenting sponsor of the Air Force Association's CyberPatriot III competition.
CyberPatriot is a national high school cyber defense competition designed to excite, educate, and motivate the next generation of cyber defenders. Through this sponsorship, Northrop Grumman will be recognizing its responsibility to help develop cybersecurity leaders and promote new technological advances.
Wed, 2 Jun 10
Australia minister attacks 'creepy' Google chief in Web row
Stephen Conroy said Google had committed the "single greatest breach in the history of privacy" by collecting private wireless data while taking pictures for its "Street View" mapping service, and dismissed claims it was an accident.
"It was actually quite deliberate... The computer program that collected it was designed to collect this information," Conroy told a Senate committee hearing late Monday.
Asked whether he was disputing Google's assertion that the Street View cars had gathered the fragments of personal data in error, Conroy said: "Yes. I'm saying they wrote a piece of code designed to do it."
Google has led criticism of Conroy's plan for an Australia-wide Internet filter, warning it could damage the nation's reputation as a liberal democracy and set a dangerous global precedent.
Canberra's bid to block sites featuring material such as rape, drug use, bestiality and child sex abuse with an Internet-wide content filter also attracted condemnation from Yahoo! and Microsoft.
But Conroy accused Google of hypocrisy when it came to censorship, and said it considered itself above the law, singling out chief executive Eric Schmidt for reproach.
"When it comes to their attitude to their own censorship, their response is simply, 'trust us'. That is what they actually state on their website: 'Trust us'," said Conroy, a Senator with the ruling centre-left Labor party.
"They consider that they are the appropriate people to make the decisions about people's privacy data, and that they are perfectly entitled to drive the streets and collect private information by photographing over fences."
"I think that the approach taken by Mr. Schmidt is a bit creepy, frankly," Conroy added.
Conroy also slammed Facebook and its founder, Mark Zuckerberg, for what he said was a "complete disregard" for users' privacy, describing it as a "corporate giant who is answerable to no one and motivated solely by profit".
"Zuckerberg, after breaking up with his girlfriend, developed a website of all the photos from his yearbook so he and his mates could rank the girls according to their looks. An auspicious start for Facebook," Conroy said of the social site's origins.
Greens Senator Scott Ludlam accused the communications minister of a "corporate character assassination" of Google, but Conroy said he was merely "describing their own words and actions".
Wed, 2 Jun 10
Obama urged to fast-track cyber policy
Washington (UPI) May 24, 2010 - The Obama administration is coming under increasing pressure from industry professionals to fast-track cybersecurity policies announced a year ago.
"It's still not a plan but rather a plan to begin planning," wrote Adam Stone in a Federal Times.com survey of developments since a Cyberspace Policy Review, announced by the administration in 2009, and a nationwide cybersecurity awareness campaign last fall.
The review document explored the state of the nation's cyber defenses amid a spate of incidents involving organized hacking that affected government departmental Web sites, corporate cyberspace and public service portals.
Damage in cyberspace was estimated to have cost tens of billions of dollars, though further figures were never revealed because of fears that disclosure would damage the reputations of departments and corporate entities.
Cybersecurity officials also cited links between organized hacking, organized crime and "They are in the process of rethinking what it is that we ought to be doing," said Larry Clinton, president of the Internet Security Alliance, an association representing the information security sector. "This is probably a good way to start."
Stone said a few specifics are emerging.
"Private and public sectors will need to work in closer cooperation. Government agencies will need to implement new monitoring and defensive technologies. And federal managers will need to take a more active role in enforcing cybersecurity practices within their organizations," he said.
The Obama plan follows on from the Bush administration's Comprehensive National Cybersecurity Initiative and is believed by experts to have incorporated elements from CNCI.
Among items of interest to the federal workforce, Stone said, a 12-point CNCI summary calls for a continuation of the Trusted Internet Connections initiative, which is meant to reduce the number of connections between government computers and the Internet.
There are plans also to implement deployment of an intrusion detection system of sensors across the government.
Coordination of research and development across government needs to improve and there are plans to develop a pipeline of skilled cybersecurity employees.
Although coordination and cooperation with the private sector to address security matters of common interest is on the cards, Stone saw problems with it.
"There's wide agreement that the expertise of the private sector ought to be aligned with the security needs of government," he said, pointing out that the private sector may not yet respond positively.
"To secure our country from cyberattacks, we must have shared responsibility between the government and the private sector," U.S. Sen. Jay Rockefeller, D-W.Va., told the Business Software Alliance Cybersecurity Forum in April.
However, private sector sources cited by Stone said that industry may not be ready to work with government and vice versa.
Pat Clawson, CEO of security and vulnerability technologies firm Lumension, said, "There has been no effort in terms of ironing out the legalities."
He pointed out that regulatory and legal issues might prevent publicly held companies from sharing sensitive corporate data about activities within their networks -- data that government might need to implement security measures.
However, "There is no bridge in sight that will allow for certain types of cooperation," Clawson said.
"Today, if a company has a cybersecurity problem and wants to notify authorities, the only option is generally to call the FBI," Clawson said in a recent blog posting. "That can result in long delays and in many cases nothing gets done -- and the company ends up with negative publicity if the story gets out that there's been a security breach."
Industry sources said fear of negative publicity was one of the reasons material losses resulting from cyberattacks and hacking remained one of the great unsolved mysteries.
Banks and major corporations involved with financial transactions continue to keep a lid on losses rather than risk loss of customers with public disclosures that show them as victims of cybercrime.
Industry analysts want the government to make a start with implementing basic defensive measures such as more sophisticated scanning and robust firewalls. The technologies for implementing those measures are mature and ready to deploy, they said.
"None of this creates big privacy issues, none of this creates questions about law enforcement and jurisdiction, or questions about offensive tactical military maneuvers," said Robert Richardson, director of San Francisco's Computer Security Institute.
He said the administration's cybersecurity agenda was "just a question of will and budget."
Sat, 22 May 10
German minister stresses privacy rights with Google chief
Berlin (AFP) May 20, 2010 - German Foreign Minister Guido Westerwelle met Google co-founder Larry Page Thursday, the ministry said, amid tensions over its controversial Street View service and the sanctity of private data.
In an unusual half-hour, closed-doors meeting at the ministry with a foreign business executive, Westerwelle also took up the issue of censorship in China and other countries which have posed challenges to the US-based Internet giant.
"Minister Westerwelle underlined the importance of freedom of expression on the Internet and he heard about the experiences of the company in China and other countries," his office said in a statement.
"In the context of the current debate about Google's Street View, Minister Westerwelle stressed the importance of data protection in Germany. Anyone who believes in the rights of citizens to their freedoms should recognise the importance of data protection."
The meeting came after prosecutors in the northern city of Hamburg, where Google's German unit is based, opened a preliminary probe against the company after it admitted to mistakenly gathering personal data with its Street View mapping service.
Google said last week that it was halting the collection of WiFi network information for Street View because it had inadvertently collected personal data sent via unsecured systems. It has since apologised.
German authorities have been among Google's chief critics over Street View, which began in 2006 and allows users to view panoramic street scenes on Google Maps.
A foreign ministry spokesman told AFP that the meeting with Page had been scheduled weeks ago and said it was common for Westerwelle, chairman of the pro-business Free Democrats, to meet with "entrepreneurs".
"There was the interest on both sides to have a conversation," the spokesman said.
Meanwhile in March, Google stopped filtering results on its Chinese-language search engine to protest government censorship and what it said were China-based cyberattacks.
The issue touched off a war of words between Beijing and Washington over Internet freedom, adding to a host of other bilateral trade disputes.
Wed, 19 May 10
Google ends WiFi collection after personal data captured
Washington (AFP) May 15, 2010 - Google is halting the collection of WiFi network information for its controversial "Street View" mapping service after admitting it mistakenly gathered personal data sent over unsecured systems.
The Internet giant had insisted previously that it was only collecting WiFi network names and addresses with the Street View cars that have been cruising cities around the world taking photographs for the Google Maps service.
"It's now clear that we have been mistakenly collecting samples of payload data from open (ie non-password-protected) WiFi networks," Alan Eustace, Google senior vice president for engineering and research, said in a blog post Friday.
Eustace said Google was "profoundly sorry for this error," which is likely to intensify criticism of Street View by privacy advocates and officials.
The Mountain View, California-based Google said it will end the collection of WiFi network information entirely by the Street View cars which have been used in over 30 nations, and was taking steps to delete the private data.
Street View, which is available for the United States and certain other countries, allows users to view panoramic street scenes on Google Maps and "walk" through cities such as New York, Paris or Hong Kong.
WiFi network information allows Google to build location features into mobile versions of Street View such as directions or nearby restaurants.
Amid concerns that thieves could use pictures of private houses to gain access and that photos of people were being published without their consent, Street View already blurs faces and car registration plates.
The collection of WiFi network information by Street View, which began in 2006, has already come in for criticism, particularly in Germany.
Eustace said a coding error was responsible for the collection of personal data sent by people over unsecured WiFi networks.
Google did not specify what data was gathered but it could potentially include emails or details about which websites a person had visited, for example.
Eustace said Google discovered that personal data had been swept up a week ago following a request to audit WiFi data from the Data Protection Authority in Hamburg, Germany.
"As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible," he said.
"We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it," Eustace said.
"Given the concerns raised, we have decided that it's best to stop our Street View cars collecting WiFi network data entirely," he added.
A Google spokesperson said about 600 gigabytes of personal information had been gathered, roughly the amount held on a standard computer hard drive.
Eustace said the data was just fragments. "Because our cars are on the move, someone would need to be using the network as a car passed by, and our in-car WiFi equipment automatically changes channels roughly five times a second," he said.
"Maintaining people's trust is crucial to everything we do, and in this case we fell short," he said. "We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake."
John Simpson of Consumer Watchdog, an advocacy group that is a frequent critic of Google, said the company had demonstrated a "lack of concern for privacy."
"Its computer engineers run amok, push the envelope and gather whatever data they can until their fingers are caught in the cookie jar," Simpson said.
"The takeaway from this incident is the clear need for government oversight and regulation of the data all online companies gather and store," he said.
Jeffrey Chester, executive director of the Center for Digital Democracy, said "Google has placed data collection before user privacy -- the DNA of the company is to harvest data for online marketing.
"Top management needs to ensure that privacy -- not data collection -- come first," Chester said.
Google said Street View cars have been collecting WiFi data in Australia, Austria, Belgium, Brazil, Britain, Canada, the Czech Republic, Denmark, Finland, France, Germany, Greece, Hong Kong, Hungary, Ireland, Italy, Japan, Luxembourg, Macau, Mexico, the Netherlands, New Zealand, Norway, Poland, Portugal, Romania, Singapore, South Africa, South Korea, Spain, Sweden, Switzerland, Taiwan and the United States.
Wed, 19 May 10
Pentagon says military response to cyber attack possible
Washington (AFP) May 12, 2010 - The Pentagon would consider a military response in the case of a cyber attack against the United States, a US defense official said on Wednesday.
Asked about the possibility of using military force after a cyber assault, James Miller, undersecretary of defense for policy, said: "Yes, we need to think about the potential for responses that are not limited to the cyber domain."
But he said it remained unclear what constituted an act of war in cyberspace.
"Those are legal questions that we are attempting to address," Miller said at a conference in Washington, adding that "there are certainly a lot of grey areas in this field."
He said hostile acts in cyberspace covered a wide range, from digital espionage to introducing false data into a network, that did not necessarily represent full-blown war.
But he said the threat to US networks from terrorists, criminals and others was real and growing.
"Over the past decade, we've seen the frequency and the sophistication of intrusions into our networks increase," he said. "Our systems are probed thousands of times a day."
The Defense Department has about 90,000 employees and troops using computer networks, with about seven million computer devices, he said.
The US military recently created a new cyber command that will be led by Lieutenant General Keith Alexander, head of the secretive National Security Agency. Alexander was confirmed in his post by the US Senate last week.
In his written testimony to Congress, Alexander said that the new cyber command would be prepared to wage offensive operations as well, despite the risk of sustaining damage to US networks.
He told lawmakers that he expected digital operations to take place as part of a wider military campaign, but that special legal authority would be required to respond to a cyber attack staged from a neutral country.
Tue, 11 May 10
Cybersecurity meet ends with calls for global cooperation
Dallas, Texas (AFP) May 5, 2010 - Government and business leaders wrapped up a cybersecurity conference here Wednesday agreeing that only global cooperation can protect a vulnerable Internet and interconnected world.
"When it comes to our readiness to protect ourselves from cyberattacks we are not prepared, we are not even close to ready," said Tom Ridge, who headed the US Department of Homeland Security under former president George W. Bush.
Cyberspace has emerged in the 21st century as a new domain along with land, sea, air and space, Ridge told the 400 participants from 40 countries attending the first Worldwide Cybersecurity Summit hosted by the EastWest Institute.
"It's time, one might argue past time, to build the trust and establish the laws, treaties and agreements for the cyberspace domain in this 21st century," he said. "Collective action is and must be our goal."
During three days of talks here, government officials, business leaders and cybersecurity experts discussed how to cope with the myriad threats to computer networks -- from criminal hackers seeking financial gain to cyber terrorists out to wreak havoc to nations equipped with cyber warfare capabilities.
While warning that the dangers can never be eliminated entirely, they said a number of steps could be taken to protect power grids, financial markets, rail and air transportation, communications systems and other critical sectors.
"We need to exchange -- and there are certain conditions of course -- information about vulnerabilities, threats, attacks," said Patrick Pailloux, director general of France's Network and Information Security Agency.
"We should conduct joint cyber defense exercises," he said.
China, which has been accused of waging cyberattacks on Google and heavily censors the Web, joined calls for international efforts to secure cyberspace while at the same time urging respect for "Internet sovereignty."
"International cooperation is very much needed," said Liu Zhengrong, the deputy director general of the State Council Information Office's Internet Affairs Bureau.
But the "Internet sovereignty of each country needs to be respected" and "different national and cultural conditions" taken into account, Liu said.
Both government and business representatives stressed the need for the public and private sectors to forge a partnership.
"Each government has to enlist the support of its private sector for cybersecurity," said Kamlesh Bajaj, chief executive of the Data Security Council of India. "No government can fight cyber crime in isolation."
Bajaj warned that while much can be done to protect digital infrastructure against electronic attacks, "vulnerabilities will continue to exist.
"Cybersecurity is not a technology problem that can be solved," he said. "It is a risk to be managed."
Protecting user privacy and educating policy-makers and the public to the seriousness of the threats in cyberspace were cited as other major challenges.
"When you mention cybersecurity to most members of Congress their eyes just glaze over," said Michael McCaul, a Republican member of the US House of Representatives from Texas. "Yet it's one of the most serious issues that we face in this century."
Speaking of cyber espionage, McCaul said "if we caught agents of a foreign power breaking into the Pentagon, stealing physical files, file cabinets, you can imagine the response from the media.
"And yet that's happening in the virtual world every day," he said.
Enhanced cooperation among law enforcement and a greater ability to track down and punish perpetrators of cyber crime were also identified as pressing needs.
"We have an enormous number of bad actors who are able to be completely anonymous," said Michael Dell, chairman and chief executive of Texas-based computer giant Dell. "Can you think of any secure system where people can operate anonymously?"
Retired US Air Force Lieutenant General Harry Raduege, former director of the Defense Information Systems Agency, pointedly reminded participants that reaching a consensus on cybersecurity issues will not be easy.
"When I think of the rules of the road, some people drive on the left side of the street and some people on the right so that can cause some healthy collisions," Raduege said.
Tue, 11 May 10
Cybersecurity experts share their 'nightmares'
Dallas, Texas (AFP) May 6, 2010 - Cybersecurity experts from around the world meeting on ways to protect the Internet say they still have fears of "nightmare" scenarios in which attacks could cripple critical computer networks.
"I live in a world of nightmares," Patrick Pailloux, director general of France's Network and Information Security Agency, told participants in the first Worldwide Cybersecurity Summit which ended on Wednesday.
"Each subject is a nightmare: electricity, power grids, transportation, airplanes, water supply, finance, the banking system, the health system," Pailloux said.
"My biggest nightmare is that we don't have enough time to prepare us for the nightmares," said the head of France's cyber defense efforts.
Pailloux was among the 400 participants from 40 nations who attended the meeting hosted by the EastWest Institute think tank to come up with ways to protect the world's digital infrastructure from cyber threats.
The cybersecurity experts, government officials and business leaders agreed that only global cooperation could protect computer networks under constant attack from ever mutating viruses, worms, spam and a host of other dangers.
White House cybersecurity coordinator Howard Schmidt said his "nightmare scenario" would involve a loss of communications.
"You have some kind of a physical event -- whether it's a natural disaster, whether it's a direct attack -- and you somehow because of a cyber insecurity do not have an ability to communicate or direct emergency response," he said.
"As far as a single incident that could take place that's probably the one I worry about the most," Schmidt said.
Michael McCaul, a Republican member of the US House of Representatives from Texas, expressed concern about a "denial of service attack that shuts down power grids and causes major blackouts across the country."
Denial of service attacks can paralyse websites by overwhelming them with requests from thousands of zombie computers.
"Everything is tied to the Internet therefore everything is vulnerable," McCaul said. "With a click of a mouse you can blow up power grids."
"The energy sector is really the Achilles heel of every nation and every business and every citizen," said Melissa Hathaway, the former acting senior director for cyberspace for the US National Security and Homeland Security Councils.
McCaul also said not all threats exist in cyberspace, pointing to the undersea cables that carry Internet traffic between the continents.
"The Internet cable is a physical thing," he said. "It's not virtual.
"It's exposed off the coast of Egypt. That could be physically attacked and would literally shut down the Internet," he said.
A number of participants in the conference said one of their greatest fears is that people could simply lose confidence in the Internet unless measures are taken to crack down on such things as identity theft and credit card fraud.
If the public decides over time that the Web is no longer a safe place to do business it could deal a crippling blow to electronic commerce, they warned.
"If the bad guys win they erode the fundamental confidence that people have in communications networks and services," said Randall Stephenson, chairman, chief executive and president of US telecom giant AT&T.
"And I tell you that confidence is critical," he said in a closing speech to the gathering. "Without it all this great human and economic progress that's been powered by advanced communications stands at risk."
Tue, 11 May 10
Cybersecurity summit kicks off with calls to action
Dallas, Texas (AFP) May 3, 2010 - Securing cyberspace needs more public-private cooperation and a greater ability to identify and punish perpetrators, officials and business leaders said as a conference got underway.
"We have an incredibly threatening environment out there right now," US Homeland Security Deputy Undersecretary Philip Reitinger said at a dinner kicking off the first World Cybersecurity Summit in Dallas Monday.
"If we let our attention waver for a second we're going to be in a world of hurt," Reitinger said, calling for a sustained focus on cybersecurity and not just "Band-Aids."
Udo Helmbrecht, executive director of the European Network and Information Security Agency, said it was the "responsibility of governments to make a legal framework" to help tackle threats in cyberspace.
"We need to see that it's a global threat," Helmbrecht said, that requires a "global approach."
The Worldwide Cybersecurity Summit, hosted by the EastWest Institute think tank, features three days of discussions on ways to protect the world's digital infrastructure from electronic threats.
Some 400 government officials, business leaders and cybersecurity experts from China, France, Germany, India, Russia, the United States and three dozen other countries are attending the gathering, which is being held in the wake of cyberattacks on Google which the Internet giant said originated in China.
"Technology is definitely outpacing the creation of law and policies," said Kamlesh Bajaj, chief executive of the Data Security Council of India.
"If you look at global cyberattacks, many of them remain unresolved," Bajaj said. "The law enforcement effort leaves much to be desired.
"The Internet is said to be the perfect platform for plausible deniability," Bajaj continued. "Attribution is a major problem. This problem has to be solved and it's an international problem."
Michael Dell, chairman and chief executive of US computer giant Dell, agreed that the ability of cyber criminals and others to easily hide their tracks on the Web was a major problem and one that needs to be addressed.
"We have an enormous number of bad actors who are able to be completely anonymous," he said. "Can you think of any secure system where people can operate anonymously?"
"These are important questions for governments and societies to answer," Dell said. "But I think ultimately if you have a perpetuation of anonymous actors and an increasingly pervasive set of systems that are critical to infrastructure and commerce and everything else in the world this is a bad accommodation."
Dell also said governments and businesses will need to work together. "It's not just the private sector -- we need all parties to be involved in this," he said.
Without identifying specific countries, Dell added that "those nations that don't pursue these issues aggressively may find themselves as less desirable locations to do business or to do business with."
Reitinger said recognition was needed that what "we're trying to do is run our economy, our critical services, on an Internet ecosystem that is fundamentally insecure."
"That doesn't mean it's not great, that it doesn't give us a lot of benefits but it wasn't designed to give us the security we need," he said.
"It's important not to demonize the technology," Reitinger cautioned. "The vast majority of the people using the Internet are good people, it's just too hard to secure yourself and too hard to protect your family.
"We need both public-private partnerships and advanced technology to make that easier to do," the US Homeland Security official said.