Guard Privacy & Online Security News & Information

About Guard Privacy & Online Security.com : Guard Privacy Blog Home : April 2006

April 1, 2006 20:05 - The Impact Of Internet Security Risks On Home And Home Office Computers

With knowledge of computer and Internet security risks, we can decide on the right prevention and protection for our PCs.

Unfortunately, the home and home office computer is specifically vulnerable to attacks from these privacy and security threats. By looking at Home PCs Are Very Susceptible To Computer Internet Security Risks, you'll appreciate why we home and home office users are such easy targets... but at least you are taking the steps to ensure you are not going to be one of the 80 percent affected!

This article provides an introduction to each type of threat. At the end of it, you'll have a good feel for what each risk is and you'll see how it can affect your PC and the information it contains... be it personal, financial, family or business.

There are nine computer Internet security threats covered here...

  1. Viruses and Worms
  2. Trojan Horses
  3. Crackers and Hackers
  4. Spam
  5. Web Bugs
  6. Child Security
  7. Pop-Up/Under Ads
  8. Tracking Cookies
  9. Spyware
Read about the impact of each risk here.

To reference this entry please copy the url in this link: (Permalink)

April 2, 2006 19:01 - Australia Introduces AntiSpam World's First... Who Will Follow?

At long last, one nation has had the courage to take the bull by the horns in the fight against spam.

Australia, which already has had antispam legislation since 2003 in place, has introduced a code of practice that will force Internet service providers to be more proactive in stamping out spam.

The Australian Communications and Media Authority (ACMA) last week registered the world's first legislative code of practice for Internet and email service providers, which comes into effect on July 16.

Although many countries have recognized spam as an issue, few have reacted to it effectively. It's recognized that ISPs, which carry much of the e-mail, could solve the problem of spam if they put their profit motives to one side.

ACMA's code means Australian Internet providers must proactively scan traffic for open relays and botnets (networks of compromised PCs used for sending spam). Additionaly, spam filters must be offered and clearly advertised by each ISP.

ACMA anti-spam team manager Bruce Matthews said the watchdog could seek penalties in the Federal Court of up to $10 million for a breach of the industry code.
Read the article

In a country outside Australia? In the fight against spam we need to do much of it ourselves. For more information, read Use A Spam Blocker And These Tips For Spam Dangers

To reference this entry please copy the url in this link: (Permalink)

April 4, 2006 18:42 - How Commercial And Free Proxy Anonymizers Work

By using one of the commercial or free proxy anonymizers, we can prevent our identity being determined on the Internet. With some, we can even encrypt our connection, so any communication between our computer and the Website we're visiting is totally secure and we are invisible to any third parties.

Some proxy anonymizers -- also known as anonymous surfing programs and international anonymizers -- can be used for all Web services, including Web-Mail, such as MSN HotMail and Yahoo mail, ICQ ("I Seek You"), and Web chat rooms, etc.

Why would we want to hide our IP (Internet Protocol) address when we're online? Well, the articles,

will answer that question.

The article goes on to discuss what a proxy anonymizer is, how we become anonymous and how we can become anonymous. Read more...

To reference this entry please copy the url in this link: (Permalink)

April 5, 2006 20:49 - Commercial & Free Anonymous Web Surfing Stops Big Brother Spying On Us

What with ISPs selling our surfing profiles to marketers, the government demanding surfing records from the search engine companies and identity theft skyrocketing, it's no wonder that Internet users are flocking to anonymous surfing tools.

Many feel, as they are paying for their Internet service, they have a right to control what information is shared about them... and with whom.

This is a legitimate concern for Internet users. Many fight to guard privacy rights... not because they have something to hide, but because they are forced to protect continual privacy breaches and/or as a matter of principle.

Big Brother invades our privacy through the use of information "sharing," tracking spyware, rootkits, and backdoor access built into computer programs, databases and networks.

Recently, with the Google subpoena, we learned just how governments have an increasingly heavy hand in gathering information on our Internet privacy. Consider the following instances...

  1. When the Department of Justice issued a subpoena to the major search engine companies to hand over our surfing records, it clearly showed just how easy it is for Big Brother to have access to our Internet lives.
  2. In February, 2006, at the US House of Representatives Committee on International Relations, Yahoo's senior vice president declined five times to answer whether Yahoo had co-operated with the National Security Agency's domestic surveillance efforts by disclosing user information.
  3. The European Union Parliament passed a law in December, 2005, forcing the EU ISP's and telecoms companies to retain Internet records for at least six months... for examination by law enforcement agencies, if "necessary".
Organizations, governments and individuals can find out a surprising amount about each of us as we connect from one web site to the next.

If you are concerned about this gathering of your personal data, you can stop it at a stroke by using commercial or free anonymous web surfing.
Find out more about commercial and free anonymous web surfing...

To reference this entry please copy the url in this link: (Permalink)

April 6, 2006 22:11 - Panda First With AntiRootkit Technology

Security firm Panda Software has introduced what it claims to be the world's first anti-rootkit technology to combat an epidemic of targeted attacks and cyber-crime using this malware.

The announcement coincides with reports of the detection of three new variants of the Bagle worm incorporating rootkit functions.

Rootkits are programs designed to hide processes, files or Windows Registry entries. By doing this, they can hide both their presence on the system, as well as the actions they carry out. The new variants of Bagle try to disable a large number of services belonging to security tools, such as antivirus and firewall programs. They can be programmed to download more malware files.

Panda Titanium 2006 Antivirus + Antispyware and Panda Platinum 2006 Internet Security now include antirootkit technology that scans and detects suspicious processes hidden in memory, the technique frequently used by rootkits to hide malicious code.

The versatility and capacity of rootkits to go unnoticed, suggest that -in the short-term- they will be one of the most widely used types of malware by cyber-criminals.

Luis Corrons, director of PandaLabs, stated, ““Generating and selling rootkits has become a real business model. Due to their capacity to slip past traditional security solutions and their versatility to hide on the system and carry out all types of malicious actions, rootkits have become an excellent tool for cyber-criminals.”

“For this reason, it is highly probable that rootkits will become one of the main threats in the Internet. With this in mind, Panda Software is incorporating effective technology specially designed to combat rootkits in our security solutions,” adds Corrons.

For more information on Panda Titanium 2006 Antivirus + Antispyware and Panda Platinum 2006 Internet Security, go to Panda Security Home Page

To reference this entry please copy the url in this link: (Permalink)

April 7, 2006 21:47 - Guard Privacy And Online Security Against The Latest Malware Trends

In Kaspersky's latest report, "Malware Evolution: 2005, Part Two", this second part examines the evolution of the cyber criminals.

The largest tend during 2005 has been the escalating confrontation between virus writers and the anti-virus industry. However, malware authors have also been going after rival malware gangs.

Cybercriminals are tracking the activity of the antivirus industry as much as the antivirus industry is monitoring cybercriminals. For example, they use multi-scanners to test new modifications of existing malicious programs against vendors' anti-virus databases prior to their release.

These criminals also try to subvert almost every stage of antivirus update development...

For instance, Denial of Service attacks are made against honeypot networks of PCs set up by the security developers to prevent collection of malicious code samples needed to produce security updates.

Also, virus writers commonly cause their programs to modify the hosts file in such a way that it is impossible for the victim machine to connect to the update servers of antivirus vendors. Consquently, this prevents the antivirus databases from being updated.

And why do cybercriminals combat the antivirus industry so intensively? The answer is because they are fighting for their living.

It is for this reason that groups and individuals within the criminal underworld fight each other in a variety of ways. They use malicious programs that destroy the software developed by rival groups and fight each other for control of zombie PCs, or botnets.

"2005 shows that cybercriminals are likely to continue to focus on mobile devices and the financial sector. However, rootkits, botnets, cyber-blackmail, and other criminal activities are likely to remain widespread," the report concluded.
Read the report

To reference this entry please copy the url in this link: (Permalink)

April 8, 2006 20:39 - Beware Of Spyware Blockers That Identifies Your Computer Protection As Spyware!!

Spyware blockers are now mandatory... spyware has now surpassed viruses as the biggest threat to our PCs and personal information.

However, we consumers need to be very concerned about the antispyware market for two reasons...

  1. The credibility of spyware blockers has been dented by fraudulent claims. For instance...

    To illustrate the care we need to take in choosing a spyware blocker, look at the landmark case by The Federal Trade Commission (FTC) in 2005 against Maxtheater, Inc. To pressurize visitors to their Website to purchase their product, Spyware Assassin, they falsely claimed that free, remote scans of visitors' PCs showed that spyware was present. Even the downloaded Spyware Assasin reported spyware that wasn't there, to con users into thinking it was doing its job!

    One of the cruelest deceptions to be played on us spyware blocker users and purchasers is to sell us a program that actually adds spyware to our computers. Believe it or not, a spyware blocker called SpyBan was aimed at just that. Another way of perpetuating the effects of malware is to knock out our defences against it. There is now antispyware that does just that... SurfControl analysts have identified a rogue anti-spyware application, UnSpyPC, which falsely identifies certain security products as spyware. Among the tools falsely identified were a popular and reputable anti-virus tool, a well- known anti-spyware application and a system management tool.

    SurfControl has demonstrated in the past that this false-positive reporting is not uncommon across many supposed anti-spyware applications. In this particular case, however, false reporting could disable critical security and business applications.

  2. Here's another fact to take into account when deciding our antispyware strategy... independent tests show that even the best spyware blockers only remove around 50 percent of spyware, while the poorest programs have a negligible effect. So, even though spyware is our biggest threat, currently, the developers of spyware blockers are nowhere near the proficiency of anti-virus software, which can detect and remove greater than 99 percent of viruses.
As there is no single spyware blocker that will completely clean and secure our PCs of spyware, I, and most other security advisors, recommend the use of a combination of products to have any confidence of ridding our computers of the spyware menace.

There are the five steps we should take to ensure we have the best protection against spyware available...

Read more about spyware blockers

To reference this entry please copy the url in this link: (Permalink)

April 9, 2006 18:35 - Yet Another Flaw In Internet Explorer

Secunia has announced the fourth unpatched vulnerability for IE in the last few weeks. The error could be exploited to fake the address bar in a browser window, and could be used in phishing scams. This could trick people into believing they are on a legitimate site, when in fact they are viewing a fraudulent Web page.

Phishing is an online scam that seeks to entice us to click on a link to verify/cancel a purchase, update our personal information or validate our account to prevent it from being cancelled etc.

If we click on the link indicated, we are directed to a web site that is designed to look exactly like the official site of the company being mis-represented. Under the assumption that they are at an official site, victims enter specific personal information, such as social security number, credit card number or password.

The flaw exists because of an error in the way the Microsoft Web browser loads Web pages and Macromedia Flash animations, according to Secunia.

The company rates the issue "moderately critical" and has created a special Web page where users can test their Web browser to see if they are affected.

Secunia has confirmed that the vulnerability affects IE 6.0 on Windows XP with all current security patches. It also affects the latest IE 7 Beta release.

Microsoft stated that users who have set their Internet security settings to high, or who have disabled active scripting, are at reduced risk from attack as the attack vector requires scripting.

Microsoft plans to release a security update on Tuesday.

Read the full article.

To reference this entry please copy the url in this link: (Permalink)

April 10, 2006 22:08 - The Best Wireless Router... How To Maximize Security

With basic security configuration, even the best wireless router can be accessed by other computers and crackers in the vicinity -- meaning our information can be intercepted or our network accessed.

However, there are a couple of steps we can take to maximize the security of our router to protect our network and PCs from intrusion...

Wireless devices use encryption to protect the data that we are transmitting.

The most important step in choosing the best wireless router is to find out what type of encryption our potential router uses.

If we do not use encryption, then our information is unprotected. In other words, our information can be captured by intruders. This is particularly important if we use our wireless connection to carry out financial business, such as online banking.

There are, essentially, two types of wireless encryption...

  • WEP (Wired Equivalency Protocol)
    WEP aims to provide security by encrypting data over radio waves, so that it is protected as it is transmitted from one end point to another. A shared key, similar to a password, is used to allow communication between the computers and the router. WEP offers a basic level of security for wireless data transmission.
  • WPA (Wi-Fi Protected Access)
    WPA is a security protocol for wireless networks that builds on the basic foundations of WEP.

    It secures wireless data transmission by using a key similar to WEP, but the WPA key changes dynamically using Temporal Key Integrity Protocol (TKIP) for encryption. This changing key makes it much more difficult for a cracker to crack the key and gain access to the network.

This is the only security information we need to look for on a prospective product, prior to our decision to purchase. But here are some security tips for when we choose our best wireless router and install it...
Read more about the best wireless router
To reference this entry please copy the url in this link: (Permalink)

April 11, 2006 18:39 - FTC Shuts Down Californian Spam Operation

SC Magazine has reported that the FTC (Federal Trade Commission) and the State of California has halted a spam operation that violated the federal CAN-SPAM Act of 2003.

The companies concerned, Optin Global and Vision Media, delivered nearly two million messages selling mortgage services, car warranties, travel deals, prescription drugs and online college degrees, to unsuspecting PC users.

Qing Kuang "Rick" Yang and Peonie Pui Ting Chen, who ran the operation, netted around $2.4 million. However, as most of that has gone, the pair have been fined $475,000, to be realised from the sale of their properties and their remaining profits.

The FTC also warned the company that if they mis-stated their current account balances they will be forced to pay the $2.4 million.

The defendants violated the federal law because the emails contained false header information, deceptive subject lines, were not identified as advertisements, failed to tell customers they could opt out of receiving more messages and did not include a physical mail address.

According to the FTC, spam recipients forwarded to the agency more than 1.8 million spam messages that advertised websites connected to the defendants.

Advice On Spam & How To Reduce Its Risks

To reference this entry please copy the url in this link: (Permalink)

April 12, 2006 21:57 - Anonymous Surfing Recommended For Google And Earthlink's Wi-Fi

Google and Earthlink's plan for Wi-Fi coverage of San Francisco has had an antagonistic response from privacy advocates. Google's plan to target users with localized ads is considered an invasion of privacy by many groups.

In particular, the Electronic Frontier Foundation (EFF) has protested at the idea of targeted ads based on username and password sign-in location. The EFF also cites that personal and financial information might be at risk as well as identity. And it's not just identity but also private financial information that might be at risk.

The blanket network that Google and Earthlink propose will have to have a lower element of security than those for individual customers... an easy environment for malicious hackers.

As a result, the EFF are recommending users employ anonymous surfing with a proxy anonymizer to protect identity.

Google and Earthlink have promised to address the concerns.
Read the article

By using one of the commercial or free proxy anonymizers, we can prevent our identity being determined on the Internet.

With anonymizers that also integrate SSL or SSH encryption, any communication between our computer and a Website cannot be intercepted by crackers.

To learn more, have a look at How Commercial And Free Proxy Anonymizers Work

If you use Wi-Wi on open networks -- like at your local coffee house -- then you are at a high risk of a security breach. You can ensure you protect your personal information by using The Best Wireless Router... Secure Wireless Encryption

To reference this entry please copy the url in this link: (Permalink)

April 14, 2006 22:25 - How To Choose The Best Wireless Router Speed

When choosing the best wireless router, some of the speed terms and claims made by marketers can be confusing. You'll see router boxes covered with claims like "5X faster", "10X faster", "MIMO", "108 Mbps", "WPA Enabled" and more -- and none of it explained!

This article will translate and explain the speed terms you need to understand so you can ignore the hype and go for the criteria that matter.

There are a number of wireless networking standards developed by the industry's regulating body, The Institute of Electrical and Electronics Engineers (IEEE). Amongst these standards are those that set criteria for data transmission speeds.

Before purchasing our best wireless router, we should determine how fast it transmits data -- a firewall manufacturer must display the standard in its product specification. So, look for these specifications on the box.

For an entry-level wireless solution, don't consider anything less than standard 802.11g. Most "g" devices are now inexpensive, so there's no need to consider 802.11 "a" or "b" wireless routers.

Besides competitive pricing, "g" routers have far superior security. 802.11b routers offer only Wired Equivalent Privacy security (WEP), whereas 802.11g routers have Wi-Fi Protected Access (WPA), which overcomes the weaknesses of WEP.

For those who use their best wireless router to get online via a broadband connection and aren't moving large files, standard, Fast 802.11g is more than sufficient... and it's cheap!

If you are moving large files, then go for a Faster, Super G router.

For recommendations on the best wireless router in the Fast, Faster and Fastest categories, take a look at Wireless Router Firewalls Reviewed

Read about getting the best wireless router speed

To reference this entry please copy the url in this link: (Permalink)

April 15, 2006 20:24 - Internet Privacy And Security... How To Decide What's Essential

Choosing our Internet privacy security protection depends on how we use our PCs and what degree of privacy we require.

We're often told by the vendors and marketers that we must install all sorts of software for our computer protection... spending hundreds of dollars in the process!

This article helps you determine exactly what you need for your particular circumstances by guiding you through three different levels of Internet privacy and security protection.

For instance, someone with a home business computer containing client and financial information will require a higher level of computer protection than the home PC used only for email and occasional surfing. Likewise, parents with concerns about what their young children may be exposed to on the Web will have different security priorities.

So, what are the the three levels of Internet privacy and security protection?

  1. The Critical Level -- absolutely essential for all of us to install if we connect to the Internet. This is the basic level of computer protection. Without it, our PCs and personal information will inevitably be compromised by one or more of the threats described in the Internet Privacy Security Risks summary page.
  2. The Advisory Level -- this level of Internet privacy and security protection covers off less significant risks and adds depth to the Critical Level.
  3. The Personal Level -- this is additional computer protection that deals with specialized personal requirements. It's about widening privacy safeguards and will appeal to those of us with a strong desire to protect our privacy from any kind of external snooping.
Read the full article...
To reference this entry please copy the url in this link: (Permalink)

April 16, 2006 19:11 - First Google, Now PayPal Is Ordered To Reveal Private Information

In a replay of the battle between Internet search engine company Google and the US Department of Justice, which ended last month, the US Internal Revenue Service (IRS) has now ordered online auctioneer eBay's payment service PayPal to hand over records.

The IRS wants Pay Pal to provide details of accounts linked to banks and credit cards in specific countries. They are searching for accounts where tax evaders have hidden money in tax shelters protected from US scrutiny.

US District Court Judge James Ware, who handled the judgement on Google and DOJ, ordered PayPal to hand over records from when the Internet money-transfer service was launched in 1999.

"We are evaluating our options. We haven't decided what to do yet. We take the privacy of our customers' information very seriously," PayPal said. Currently, the company has more than 100 million accounts in service.

This latest demand is likely to renew the outbursts from online privacy advocates who have warned that the authorities see the Internet as an untapped resource for information about people's lives and activities.

The last privacy battle was settled last month in what was seen as a victory for personal privacy. Ware ordered Google to handover just a small amount of the search data the DOJ was demanding.
Full article

To reference this entry please copy the url in this link: (Permalink)

April 17, 2006 23:08 - Yahoo/AOL Paid E-Mail Won't Stop Spam

Goodmail CEO Richard Gingras surprised the Senate Select Committee on E-Commerce, Wireless Technology and Consumer Driven Programming, when he said that its fee-based CertifiedEmail program was not meant to reduce spam.

Gingras claimed the point of the plan is to allow users to verify who important messages are really from, like a message from your bank or credit card company.

However, Senator Dean Florez, who chairs the committee, said that he thought that the program was supposed to reduce spam and phishing.

The program is being introduced by AOL and Yahoo and Gingras's statement differs from recent remarks by AOL concerning the program's benefits...

"As we get ready to testify at the hearing ... we are also working diligently to protect our members' safety and security by preparing implementation of the anti-spam, anti-phishing CertifiedEmail program," AOL spokesman Nicholas J. Graham said in a March 30 report on DMNews.com.

Some groups are concerned that their emails, some of them for good causes, will be stopped unless they pay CertifiedEmail. AOL has offered to pay for non-profit organisations' expenses if that happens.

Goodmail was founded aiming to charge postage for all mail, but it has narrowed its focus to mail sent by companies and major nonprofit organizations. Currently, individuals will not have to pay to have their e-mail delivered.
Full article

Use A Spam Blocker And These Tips For Spam Dangers

To reference this entry please copy the url in this link: (Permalink)

April 18, 2006 21:22 - Infected PCs Unknowingly Download Updated Spam Tool

PC World have reported that PCs already infected with the Bagle virus began downloading a new spam tool Sunday night to be used by hackers to send unwanted e-mail.

According to security vendor F-Secure, virus writers of the infamous Bagle spam gang began sending a new malicious spamming tool Sunday night to thousands of hacked computers.

The malicious download link had resided at the website of a real estate agency in Slovakia but the link was shut down during Sunday. Within hours, another link was opened on a French site hosted in the US, said F-Secure.

The ISP hosting that site has been contacted, but so far the link remains active.

If a computer is infected with the Bagle virus, a malicious hacker can download other malware to the PC. In turn, those programs can send out spam to other machines without the knowledge of the user.

The infected PCs are known as 'Zombie PCs' or 'Spambots', because they are under remote control of the hacker. Hackers and spammers control networks of hundreds, or even thousands, of these zombie PCs, known as 'botnets'.
Is Your Computer A Zombie PC?

To reference this entry please copy the url in this link: (Permalink)

April 19, 2006 21:08 - Commercial Or Free Anonymous Web Surfing Prevents Tracking

Unless we use commercial or free anonymous web surfing on the Internet, many sources will collect and record information about us. These include our Internet Service Provider (ISP), web sites, Web routers, tracking cookies and even the authorities.

Our profiles are bought and sold by marketers and advertisers to assist their businesses. We ultimately suffer with inboxes of unwanted mail and the increased risk that goes with malware attached to this spam.

As we are paying for our Internet service, we have a right to control what information is shared about us and with whom. So, what is the information about us that these third parties can collect?

  1. Our ISP Keeps Everything
    Our ISP's servers log and save in a database all connections that are made, such as, our IP address, every Website we visit and every movie, audio, document or picture file we have ever downloaded.
  2. Our Identity
    Every computer is assigned an IP (Internet Protocol) address by our ISP. It's our Internet identification number, like our mailing address. By knowing our IP address, it's possible to determine our country, city, internet provider and even our physical address.
  3. Our Operating System And Browser
    The Web resources we visit can detect our computer operating system (e.g. Windows XP) and the browser we're using (e.g. Internet Explorer).

    However, crackers scanning our connection can also use it to launch virus or Trojan attacks that use weaknesses in our operating system and browser.

Click here for the rest of the article and more about commercial and free anonymous web surfing
To reference this entry please copy the url in this link: (Permalink)

April 20, 2006 20:47 - Phishing Tops Concern At Spam Conference

"The spam problem will get worse, and the reason is phishing," said Bill Yerazunis, chairman of the MIT Spam Conference, which has just held its fourth meeting in Cambridge, Mass. He estimates 20 to 30 percent of all spam messages are phishing attacks.

Phishing attacks are emails masquerading as though from official companies, like banks or e-shops, that persuade you to visit a website. Once there, the website looks totally official and you are requested to enter your personal details, such as passwords, account numbers... all designed to steal your identity or personal and financial information.

Until this form of fraud can be detected and blocked, unwanted e-mail remains a security threat.

Not only is phishing dangerous for potential victims, it is destroying banks' and other companies' ability to talk with their customers using email because phishing has corroded their customers' trust.

Although advances in and use of antispam products is reducing the spam load into our inboxes, phishing attacks are well enough disguised that a higher percentage of recipients click on them.

Antispam products that filter content aren't able to catch phish because the actual theft doesn't happen in e-mail, but at the forged Web site that a phishing message sends recipients to, said Jonathan Zdziarski, research scientist at CipherTrust.
Read the article

There are tools you can install which can help you assess whether you are on a phishing or pharming site. But it's also important to ensure you Have The Best Internet Identity Theft Protection

To reference this entry please copy the url in this link: (Permalink)

April 21, 2006 21:32 - Yahoo Provides Data To Imprison Dissident

We've mentioned here before that the search engine companies like Yahoo and Google are towing the line on providing the Chinese authorities with search data to identify potential dissidents. The article carried by TMCnet provides an account of one of the victims...

"Jiang Lijun, was sentenced for subversive activities in November, 2003. He was accused of being the leader of a group of political dissidents and of seeking to use violence to impose democracy.

Mr. Jiang is the third person to be imprisoned based on information Yahoo provided to Chinese police, according to Reporters Without Borders -- an international group devoted to press freedom that announced the case as Chinese President Hu Jintao continued his U.S. visit with a stop in Washington state.

Yahoo Holdings Ltd. in Hong Kong provided user information for the e-mail account used jointly by Mr. Jiang, and confirmed the registration data for that mailbox, according to the verdict.

"We know for a fact that Yahoo confirmed the registration data that the mailbox was used by both people," Julien Payne, the Paris-based chief of Reporters Without Borders said.

It is unfair to blame Yahoo for the government's action in this case without proof, said Andrew D. Lipman, a partner at Bingham McCutchen LLP in Washington who specializes in Internet and telecommunications issues and is not affiliated with Yahoo.

John Kamm, executive director of the Dui Hua Foundation, said he was satisfied that the copy of the verdict obtained in the case was authentic but acknowledged that questions remained.

Lawmakers were particularly angered by the cases of Shi Tao and Li Zhi, in which Yahoo provided information to police that resulted in imprisonment for political dissidence, and that the search-engine companies agreed to censor queries to eliminate words such as "democracy."

Rep. Christopher H. Smith, New Jersey Republican said, "There are probably dozens, if not hundreds of people who have been [put in prison] and tortured as a result of Yahoo opening up its e-mail servers."

If Yahoo can do this under pressure from a foreign government, what's going to happen when under pressure from the home authorities. Well, as reported here last month, Yahoo caved in while Google fought for consumer privacy rights.

However, the privacy of us consumers is what is being fought over. You can ensure your surfing habits are not recorded and you can't be tracked by third parties, such as malicious hackers. By using anonymous surfing, we can guard privacy and security. Read How Commercial And Free Proxy Anonymizers Work, to find out how.

To reference this entry please copy the url in this link: (Permalink)

April 23, 2006 19:12 - Computer Spyware Act Nabs First Offender

Zhijian Chen, an Oregon man was fined $84,000 under the Washington state's 2005 Computer Spyware Act. Chen was guilty of scamming users with false security warnings that led them to a bogus anti-spyware program.

Both Microsoft and Attorney General Rob McKenna brought the lawsuit against Secure Computer of White Plains, N.Y. for allegedly selling the bogus anti-spyware program, Spyware Cleaner. Three men were also charged with advertising the software.

Chen used the Windows "Net send" command, to put pop-ups on users' machines that mimicked official warnings. This command is typically used by network administrators to broadcast messages to employees.

Users tricked by the false message, and who then clicked on the embedded link, were directed to Secure Computer's website. Here users were offered a free "scan" for malicious software.

Like other so-called "rogue" anti-spyware products, the scan always detected spyware, even if it did not exist. To remove the fictitious spyware, users were offered the $49.95 Spyware Cleaner, of which Chen was paid a commission of 75 percent of the purchase price.

Under the settlement order Chen is to pay $16,000 in restitution to users who bought Spyware Cleaner, $24,000 in fines, and almost $44,000 in attorneys fees.
Read the article

Don't get caught out by purchasing spyware that doesn't do the job. For the best antispyware, look at the results of independent tests such as Commercial & Free Spyware Remover Programs Tested

To reference this entry please copy the url in this link: (Permalink)

April 24, 2006 22:36 - Trend Micro's Analysis Of 2005 Predicts The Malware Of 2006

According to Trend Micro Inc's Virus and Spam Roundup 2005 and 2006 Forecast, the vast majority of threats in 2005 were inspired by financial gain, rather than for notoriety as in prior years.

The attacks were primarily for information theft, with password stealers and bot worms replacing file infectors and script viruses and spyware and adware programs are hiding behind dubious Web pages.

The report is not only an analysis of 2005 threat incidents, but it also serves as a forecast of what 2006 holds, such as...

  • Bots and botnets will continue to increase as they reward their creators with enormous illegal gains.
  • A growth in rootkit and other stealth technologies.
  • Spy-phishing, a new threat during 2005, will continue to increase, as will spear-phishing.

    Spy-phishing -- which borrows techniques from both phishing scams and pharming attacks -- targets on-line banks, financial institutions, and other password-driven sites. The author seeds email messages with either a Trojan, or a link to download the Trojan. When downloaded and executed, this malware monitors web traffic until it detects web access to the target page. When this happens, it sends any login or confidential data back to the attacker.

    Spear-phishing, on the other hand, is targeted at specific individuals, usually in the form of an e-mail sent supposedly by someone known by the recipient.

  • The continued prevalence of surveillance spyware and adware. Now, even malware writers opt to include adware in their creations to further increase their gain. This behavior is likely to maintain its current growing trend.
  • Spam will continue to grow by spreading into other languages with the capacity to pay.
To reference this entry please copy the url in this link: (Permalink)

April 25, 2006 21:14 - Draft N Wireless Products A Disappointment

Independent tests of IEEE Draft N-compliant wireless networking equipment from Netgear and Buffalo Technology didn't quite match expectations.

The tests were performed in a home environment by Craig Mathias, principal at Farpoint Group. Craig analyzed the capabilities of Buffalo's AirStation Nfiniti router and client and both versions of Netgear's RangeMax Next client and routers.

The Draft N equipment was then compared to established products -- the Linksys SRX400 and the Wireless G line. These comparatives have been much awaited. With a draft N standard in January, this enabled the introduction of prestandard, or Draft N, equipment, despite calls from the IEEE to avoid such labels.

Mathias reported that he couldn't get the equipment to communicate with each other. Even the two Netgear systems wouldn't talk to each other.

Mathias also warned that the final 802.11n standard will be considerably different from the first draft that vendors are working from -- so it may be more than a simple software or firmware upgrade.

"The more established products just blew them away," said Mathias. "Even Linksys Wireless G performed better. It's like we're going backward."
Read the article

A little confused by the terminology? Have a read of Understanding The Terms For The Best Wireless Router Speed

To reference this entry please copy the url in this link: (Permalink)

April 26, 2006 17:26 - How A Denial Of Service Attack Stateful Firewall Secures Your Safety

In yesterday's blog, you heard about two of the new Draft N Wireless firewall router entrants. Today, we'll be taking a look at how a denial of service attack stateful firewall secures our computers.

Sounds a complicated mouthful, doesn't it? But a DoS stateful firewall is one that performs stateful packet inspection and monitors the state of network or computer connections to prevent Denial of Service (DoS) attacks.

Most good firewalls are covered by this definition, whether they be home or office, wi-fi or wired. So, in this context, we'll be taking a look at how...

  1. What do firewalls do?
  2. How firewalls secure and monitor traffic
1. What Do Firewalls Do?

A computer firewall is like a barricade or wall -- just like fire doors in a building. It is designed to keep in our personal information and to keep out intruders.

The most useful thing our firewall stops is someone else remotely logging on to our computer.

If our PC is compromised in this way, it can be turned into a zombie relay machine to send out floods of spam, or become part of Denial of Service (DoS) attacks against Web sites, such as those that occurred against Yahoo! and Amazon... and completely without the owners' knowledge.

It's estimated that millions of machines around the world have been compromised in this way.

A denial of service attack stateful firewall blocks intrusions to our computer and/or our computer network. Good software firewalls can also be configured so that only certain kinds of traffic are allowed to leave our computer or computer network.

2. How Firewalls Monitor Traffic

Hardware and software firewalls can operate differently in how they secure traffic flow to and from our computer...

Hardware firewalls can have three levels of security -- NAT, SPI and VPN.

Software firewalls typically control traffic flowing in and out of the network by using one or more of,

1. Packet filtering
2. Outbound filtering
3. Proxy server
4. Stateful packet inspection

Find out more about these terms by reading the full article How Your Denial Of Service Attack Stateful Firewall Secures Your Safety

To reference this entry please copy the url in this link: (Permalink)

April 27, 2006 21:51 - Infosec Hears Spyware Outpaces Viruses

At Infosec Europe, Webroot reported that the development of spyware is outpacing that of viruses, with a dramatic rise in spyware during the last year and a 40 per cent rise over the past three months. More and more, spyware is now primarily aimed at stealing financial data.

Gerhard Eschelbeck, chief technology officer at Webroot warned that the next target for such malware will be VoIP applications such as Skype. "Voice is definitely the next attack vector. But this time the malware writers won't use it for financial gain but for stealing intellectual property," he said.

Eschelbeck said that viruses tend to be developed and distributed by individuals and then used by third parties, whereas spyware is typically developed by teams working to order and learning the lessons of viruses. And with the sophistication now available, some spyware even resets sections of itself every hour in an effort to fool signature-based security software.

Adding to the continuing rise of spyware is the easy availability on the Internet of kits for building spyware... so anyone with malicious intent can build and distribute this malware.

How does antispyware fit in with the ballooning of this threat? You'll be surprised to know that Spyware Blockers Do Not Remove ALL Spyware

To reference this entry please copy the url in this link: (Permalink)

April 29, 2006 14:46 - Beware! Phishers Now Using VoIP

Up until now, phishers have relied on attracting unsuspecting consumers to phony versions of financial Web sites to enter personal details for ID theft or financial fraud.

Now, Cloudmark, a security firm, has reported that it has discovered a phishing scam where Voice over Internet Protocol (VoIP) -- Internet telephony -- has been used to record data from banks' automated voice systems.

It works with the scammers sending out e-mails in which they pose as a victim's bank. The messages claim that there is a problem with the user's bank account and provide a number to 'phone and to enter personal information about the account.

The victims who call the number included in the e-mail are connected via VoIP to a computer running an automated voice-answering system that sounds just like a bank's.

According to Cloudmark, VoIP phishing attacks are effective because the phone system identifies itself to the victims as the financial institution and prompts them to enter account numbers and personal identification numbers (PINs). The phishers then have complete access to all the financial records attached to the account.

There is no evidence that the VoIP providers are even aware of the scam, Cloudmark reported, although the security firm has declined to name the particular VoIP service used in this latest scheme.

Lisa Pierce, an analyst with research firm Forrester, recommended using extreme caution when responding to e-mails apparently from a financial institution. Before complying with the instructions in these messages, she said, everybody should verify that the number they are being asked to call is in fact a bank's real phone number.

"At this point in time, 800 and other toll-free numbers are more immune than regular numbers," she said.

More information on phishing and protection against Internet identity theft

To reference this entry please copy the url in this link: (Permalink)

April 30, 2006 21:55 - Now We're Being Held To Ransomware!

According to Earthtimes Sophos, a UK based security firm, has repoterted that "a new computer malware called Troj/Ransom-A is now spreading across computers.

If your're infected, the malware freezes the system and threatens to delete files every 30 minutes until an amount of $10.99 is sent to an account in the Western Union Holdings money transfer service.

Security experts said the new Trojan belonged to the emerging "ransomware" class of viruses. It has been prevalent in Russia, but recently one such attack was reported in England.

Believe it or not, the virus also leaves an e-mail address for the affected person to get in touch with, just in case the infected computer does not function properly after the ransom is paid.

Sophos said the trojan puts up a message after freezing the computer,,,

The message claims that anti-virus software is not effective against the trojan, that deleted files cannot be retrieved, that the Ctrl-Alt-Del function will not release the computer and that the malware runs every time Windows boots.

Sophos said ransomware is rare, but this is the second such trojan in the last five weeks. In March, two similar trojans, Cryzip and Zippo.a, had sought payment of $300 in return for a password to free the user's files from a maliciously created zip file.

Security experts warned that Troj/Ransom-A is spreading as a disguised file on peer-to-peer networks and may also land on systems as spam. Once the file is activated, it displays pornographic images with a message...

"Listen up muthafucka. is this computer valuable. it better not be. is this a business computer. it better not be. do you keep important company records or files on this computer. you'd better hope not. because there are files scattered all over it tucked away in invisible hidden folders undetectable by antivirus software the only way to remove them and this message is by a CIDN number."

The computer user can obtain the CIDN number after paying the ransom to the Western Union account.

Senior technology consultant at Sophos, Graham Cluley, said the trojan does not appear to be the "smartest tool in the box" and that he had passed on the details to the police, who are looking into it."

Hey! Isn't this a wake-up call? Try What's Key To The Best Antivirus Program?

To reference this entry please copy the url in this link: (Permalink)

March 2006 « 

 

 RSS
RSS Feed For This News

Guard Privacy Blog Home | Archives| Internet Privacy & Security Risks... News! | Guard Privacy... Hot New Topics | Spyware & Spyware Blockers... News! |